Published: 06/07/2006 Updated: 18/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 542

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Webmin prior to 1.290 and Usermin prior to 1.220 calls the simplify_path function before decoding HTML, which allows remote malicious users to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.

Vulnerable Product	Search on Vulmon	Subscribe to Product
webmin webmin
usermin usermin

Several vulnerabilities have been identified in webmin, a web-based administration toolkit The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2005-3912 A format string vulnerability in miniservpl could allow an attacker to cause a denial of service by crashing the application or exhausting system re ...

<?php /* Name : Webmin / Usermin Arbitrary File Disclosure Vulnerability Date : 2006-06-30 Patch : update to version 1290 Advisory : securitydotnet/vuln/exploits/vulnerabilities/articles/17885/vulnhtml Coded by joffer , securitydotnet */ $host = $argv[1]; $port = $argv[2]; $http = $argv[3]; $file = $argv[4]; // CHECKING THE I ...

#!/usr/bin/perl # Exploit for WEBMIN and USERMIN less than 129x # ARBITARY REMOTE FILE DISCLOSURE # WORKS FOR HTTP AND HTTPS (NOW) # Thrusday 13th July 2006 # Vulnerability Disclosure at securitydotnet # Coded by UmZ! umz32dll _at_ gmailcom # # # # Make sure you have LWP before using this exploit # USE IT AT YOUR OWN ...

Exploits a file disclosure vulnerability in Webmin (CVE-2006-3392)

nmap -sV --script http-vuln-cve2006-3392 <target>
nmap -p80 --script http-vuln-cve2006-3392 --script-args http-vuln-cve2006-3392.file=/etc/shadow <target>

PORT   STATE SERVICE REASON
10000/tcp open  webmin    syn-ack
| http-vuln-cve2006-3392:
|   VULNERABLE:
|   Webmin File Disclosure
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2006-3392
|     Description:
|       Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML.
|       This allows arbitrary files to be read, without requiring authentication, using "..%01" sequences
|       to bypass the removal of "../" directory traversal sequences.
|     Disclosure date: 2006
|     Extra information:
|       Proof of Concept:/unauthenticated/..%01/..%01/(..)/etc/passwd
|     References:
|       http://www.rapid7.com/db/modules/auxiliary/admin/webmin/file_disclosure
|_      http://www.exploit-db.com/exploits/1997/

Exploits a file disclosure vulnerability in Webmin (CVE-2006-3392)

nmap -sV --script http-vuln-cve2006-3392 <target>
nmap -p80 --script http-vuln-cve2006-3392 --script-args http-vuln-cve2006-3392.file=/etc/shadow <target>

PORT   STATE SERVICE REASON
10000/tcp open  webmin    syn-ack
| http-vuln-cve2006-3392:
|   VULNERABLE:
|   Webmin File Disclosure
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2006-3392
|     Description:
|       Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML.
|       This allows arbitrary files to be read, without requiring authentication, using "..%01" sequences
|       to bypass the removal of "../" directory traversal sequences.
|     Disclosure date: 2006
|     Extra information:
|       Proof of Concept:/unauthenticated/..%01/..%01/(..)/etc/passwd
|     References:
|       http://www.rapid7.com/db/modules/auxiliary/admin/webmin/file_disclosure
|_      http://www.exploit-db.com/exploits/1997/

CVE-2006-3392 Description Webmin before 1290 and Usermin before 1220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "%01" sequences, which bypass the removal of "/" sequences before bytes such as "%01" are removed from the filename NOTE: This is a different

Webmin < 1.290 / Usermin < 1.220 - Arbitrary file disclosure

CVE-2006-3392 wwwcvedetailscom/cve/CVE-2006-3392/ Webmin before 1290 and Usermin before 1220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "%01" sequences, which bypass the removal of "/" sequences before bytes such as "%01" are removed from the fi

PentestPwnOs Table of Contents Network Footprinting (Reconnaissance) netdiscover - Find the pwnOS IP Adress ┌──(kali㉿kali)-[~] └─$ netdiscover --help -i device: your network device -r range: scan a given range instead of auto scan 19216860/24,/16,/8 -P print results in a format suitable for parsing by another program and stop

Python script to exploit webmin vulnerability cve-2006-3392

Script Webmin Project created by: Gabriel Jose Python script to exploit webmin vulnerability cve-2006-3392 Example of how to use /exploitWebminpy -pt http -t host -p port -f file /exploitWebminpy -pt http -t 127001 -p 10000 -f /etc/passwd

No Cap

AonSploit No Cap Hầu hết các CVE này cũng được công nhận bởi oxagast Đây là một fuzzer, được viết bằng BASH SHELL, được thiết kế để tìm lỗi trong các chương trình BASH SHELL Đây là một công cụ để xây dựng danh sách từ dựa trên những

Collection of bash scripts I wrote to make my life easier or test myself that you may find useful.

Bash Collection of bash tools I wrote to make my life easier or test myself The help switch defined for these scripts is written with the assumption these exist in a PATH environmnet variable Typically commands such as these should be placed in /usr/local/bin This is considered best practice for Linux Most of these tools will be useful to Red Teamers ADD COMMANDS TO /usr/l

This small script helps to avoid using MetaSploit (msfconsole) during the Enterprise pentests and OSCP-like exams. Grep included function will help you to get only the important information.

CVE-2006-3392 About the vulnerability A vulnerability has been reported in Webmin and Usermin, which can be exploited by malicious people to disclose potentially sensitive information The vulnerability is caused due to an unspecified error within the handling of an URL This can be exploited to read the contents of any files on the server via a specially crafted URL, without r

NVD-CWE-Other http://attrition.org/pipermail/vim/2006-June/000912.html http://www.webmin.com/changes.html http://www.osvdb.org/26772 http://secunia.com/advisories/20892 http://www.kb.cert.org/vuls/id/999601 http://attrition.org/pipermail/vim/2006-July/000923.html http://www.securityfocus.com/bid/18744 http://secunia.com/advisories/21105 http://security.gentoo.org/glsa/glsa-200608-11.xml http://secunia.com/advisories/21365 http://www.debian.org/security/2006/dsa-1199 http://secunia.com/advisories/22556 http://www.securityfocus.com/archive/1/440466/100/0/threaded http://www.mandriva.com/security/advisories?name=MDKSA-2006:125 http://www.vupen.com/english/advisories/2006/2612 http://www.securityfocus.com/archive/1/440493/100/0/threaded http://www.securityfocus.com/archive/1/440125/100/0/threaded http://www.securityfocus.com/archive/1/439653/100/0/threaded https://nvd.nist.gov https://www.debian.org/security/./dsa-1199 https://www.exploit-db.com/exploits/1997/https://github.com/g1vi/CVE-2006-3392 https://www.kb.cert.org/vuls/id/999601

CVE-2006-3392

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Nmap Scripts

Github Repositories

References

Vulmon Search

About

Products

Connect