Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
From: str0ke <str0ke () milw0rm com>
Date: Sat, 15 Jul 2006 15:29:22 -0500

Jose,

It works just fine.  Tested on 7 test-bed hosts without an issue.

/str0ke

On 7/10/06, José Parrella <joseparrella () gmail com> wrote:
On 7/9/06, Alexander Hristov <joffer () gmail com> wrote:
> Name : Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
> Link : http://securitydot.net/xpl/exploits/vulnerabilities/articles/1152/exploit.html
> Date :  2006-06-30
> Patch : update to version 1.290
> Advisory : http://securitydot.net/vuln/exploits/vulnerabilities/articles/17885/vuln.html

Has anyone tested this? I've just tested this in Webmin 1.180 (Debian
3.1, package revision number 3) and didn't work (I had to explicitly
allow the attacker IP to the miniserv.conf, which is not the default
configuration in Debian and, I think, in Webmin's original tar.gz)

Jose



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]