Webmin: Multiple Security Vulnerabilities

Published: 2021-04-25

0x00 Vulnerability Overview

| Product | CVE ID         | Type | Severity | Remotely Exploitable | Affected Versions |
|---------|----------------|------|----------|----------------------|-------------------|
| Webmin  | CVE-2021-31760 | RCE  | High     | Yes                  | Webmin <= 1.973   |
| Webmin  | CVE-2021-31761 | RCE  | High     | Yes                  | Webmin <= 1.973   |
| Webmin  | CVE-2021-31762 | RCE  | High     | Yes                  | Webmin <= 1.973   |

0x01 Vulnerability Details


Webmin is a web-based system administration tool for Unix. Administrators reach Webmin through a browser (over HTTPS) and manage the host from its web interface; it has been installed more than a million times worldwide.

Webmin has recently been disclosed to contain multiple security vulnerabilities, tracked as CVE-2021-31760, CVE-2021-31761 and CVE-2021-31762. An attacker can launch a CSRF or XSS attack and ultimately achieve remote command execution. PoC/exploit code for these vulnerabilities is now publicly available.

Webmin Remote Command Execution Vulnerability (CVE-2021-31760)

An attacker can achieve remote command execution through a cross-site request forgery (CSRF) attack.


Webmin Remote Command Execution Vulnerability (CVE-2021-31761)

An attacker can achieve remote command execution through a reflected cross-site scripting (XSS) attack.


Webmin Remote Command Execution Vulnerability (CVE-2021-31762)

An attacker can use a cross-site request forgery (CSRF) attack against Webmin's add-user function to create a privileged user, then obtain a reverse shell with that user's privileges.


0x02 Remediation Recommendations

At the time of writing, the latest Webmin version on GitHub is 1.973, and no newer version or security update that fixes these vulnerabilities has been released. Watch for Webmin security updates.

Download link:

https://github.com/webmin/webmin

 

0x03 References

https://github.com/electronicbots/CVE-2021-31760

https://github.com/electronicbots/CVE-2021-31761

https://github.com/electronicbots/CVE-2021-31762

https://github.com/electronicbots/CVE-2021-31760/blob/main/RCE_eXploit.py

https://github.com/electronicbots/CVE-2021-31761/blob/main/eXploit.py

https://github.com/electronicbots/CVE-2021-31762/blob/main/eXploit.py

 

0x04 Timeline

2021-04-25  Vulnerabilities publicly disclosed

2021-04-25  VSRC publishes security advisory

 

0x05 Appendix

 

CVSS scoring standard (official site): http://www.first.org/cvss/
