[GYATT]

Hello, Breachforums community.

I know this is old, but this is a great POC. Ive seen and used it many times to deface sites and get data. All you need to do is search Webmin 1.890 in Censry or Shodan.io, whichever you prefer, then see the port it's on; it's usually on default, then follow instructions on this GitHub script. 

Hidden Content

You must register or login to view this content.

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Threatening forum members

[Aanya]

A command injection in the password_change.cgi , so when reseting password the HTTP parameter 'expire' wasn't filtering user inputs , so for poc they did sent an ' echo random string' and if it returned output it shows as vulnerable , for RCE , you just have to send the commands you want to execute rather than random string . Intrestingggg :kitten2:

[mothertaster]

aight thank you bro i'll check it out

[Hxp7]

thanks so much nigga, i will check it out

[JigglyPute]

lets see nyenyenye

[ZasieuN]

gona read and get sample vuln website

[md5]

Hello, Breachforums community.

I know this is old, but this is a great POC. Ive seen and used it many times to deface sites and get data. All you need to do is search Webmin 1.890 in Censry or Shodan.io, whichever you prefer, then see the port it's on; it's usually on default, then follow instructions on this GitHub script. 

thanks sharing sir

---

Hello, Breachforums community.

I know this is old, but this is a great POC. Ive seen and used it many times to deface sites and get data. All you need to do is search Webmin 1.890 in Censry or Shodan.io, whichever you prefer, then see the port it's on; it's usually on default, then follow instructions on this GitHub script. 

thanks sharing sir

[darkspeed]

thanks for stuffs hope still work at this time