Webmin 1.890 Cross Site Scripting

Webmin version 1.890 suffers from a cross site scripting vulnerability.


MD5 | 6c0864db4d44c74ed081288ffd52c7cb

# Vulnerability type: Reflected Cross Site Scripting

# Vendor: <https://www.k2.com/> http://www.webmin.com/index.html

# Product: Webmin

# Affected version: 1.890

# Credit: Foo Jong Meng

# CVE ID: CVE-2018-19191



# DESCRIPTION:

After logging into the Webmin interface, an attack can be launched by
injecting the XSS payload into the affected parameters. The XSS is noted in
the following Webmin parameters (https://x.x.x.x:10000/affected-parameters):

- /config.cgi?webmin (GET)

- /shell/index.cgi (POST) history parameter

- /shell/index.cgi?stripped=1 (POST)

- /webminlog/search.cgi (GET) uall and mall parameters



# SAMPLE PAYLOAD:

"<script>alert(0)</script>

<script>alert(%22%78%73%73%22)</script>abc





# PROOF OF CONCEPT:

1. Use a web proxy (e.g. zaproxy, Burp) to intercept the affected "GET" and
"POST" requests for:

https://x.x.x.x:10000/affected-parameters



2. Inject the XSS payload at the affected parameters.



3. The payload will be executed.



The developer has issued an updated version of Webmin for the reported
vulnerabilities.
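
A defender-side check for the two GET endpoints listed in the description, added here as an example (it is not part of the original advisory or of Webmin): it scans access-log lines for requests to /config.cgi and /webminlog/search.cgi whose decoded query names or values contain HTML markup. The combined-log-style line format, the sample lines, the function name and the assumption that the /config.cgi payload rides in the query string are all constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# GET endpoints named in the advisory. The POST ones (/shell/index.cgi) carry
# the payload in the request body, which an access log does not record.
AFFECTED_GET = {"/config.cgi", "/webminlog/search.cgi"}
# Characters needed to close an HTML attribute or open a tag.
HTML_META = re.compile(r'[<>"]')
# Assumed log layout: ... "METHOD target HTTP/x.y" status size
REQUEST = re.compile(r'"(GET|POST) (\S+) HTTP/')

# Constructed sample lines (not from a real server); x.x.x.x as on the page.
SAMPLE_LOG = [
    'x.x.x.x - admin [01/Jan/2019:10:00:00 +0000] '
    '"GET /config.cgi?webmin HTTP/1.1" 200 5120',
    'x.x.x.x - admin [01/Jan/2019:10:00:05 +0000] '
    '"GET /config.cgi?webmin%22%3Cscript%3Ealert(0)%3C/script%3E HTTP/1.1" 200 5177',
    'x.x.x.x - admin [01/Jan/2019:10:00:09 +0000] '
    '"GET /webminlog/search.cgi?uall=1&mall=%3Cscript%3Ealert(%22%78%73%73%22)'
    '%3C/script%3Eabc HTTP/1.1" 200 900',
    'x.x.x.x - admin [01/Jan/2019:10:00:12 +0000] '
    '"POST /shell/index.cgi HTTP/1.1" 200 700',
]


def suspicious_requests(lines):
    """Return (path, param_name, param_value) for every query parameter on an
    affected GET endpoint that decodes to HTML metacharacters."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m or m.group(1) != "GET":
            continue
        target = urlsplit(m.group(2))
        if target.path not in AFFECTED_GET:
            continue
        # parse_qsl percent-decodes; keep_blank_values keeps bare keys such as
        # the module name after "/config.cgi?".
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if HTML_META.search(name) or HTML_META.search(value):
                hits.append((target.path, name, value))
    return hits


if __name__ == "__main__":
    for path, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"{path}: parameter {name!r} = {value!r}")
```

Requests to /shell/index.cgi need body inspection (for example at a reverse proxy), since the history parameter never appears in the request line.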



