CVE-2006-3392

This exploit leverages a directory traversal vulnerability in Webmin and Usermin versions prior to 1.29x to disclose arbitrary files. It constructs a malicious URL with encoded traversal sequences to bypass authentication and retrieve file contents via HTTP/HTTPS.

This exploit leverages a directory traversal vulnerability in Webmin/Usermin (CVE-2006-3392) to disclose arbitrary files by manipulating the URL path with encoded traversal sequences. It uses cURL to fetch the target file and outputs its contents.

This repository contains a functional bash script that exploits CVE-2006-3392, an arbitrary file disclosure vulnerability in Webmin < 1.290 and Usermin < 1.220. The script uses a directory traversal technique with URL-encoded null bytes to read arbitrary files from the target system.

The repository contains a functional Python exploit for CVE-2006-3392, which leverages a directory traversal vulnerability in Webmin/Usermin by using '..%01' sequences to bypass path sanitization and read arbitrary files. The PoC demonstrates file reading via crafted HTTP requests.

The repository contains a functional exploit script for CVE-2006-3392, which leverages a path traversal vulnerability in Webmin/Usermin due to improper handling of URL-encoded sequences like '..%01'. The exploit uses a crafted URL to disclose arbitrary files from the target system.

This Python script exploits CVE-2006-3392, an arbitrary file disclosure vulnerability in Webmin/Usermin. It constructs a URL with a path traversal payload ('/.%01' repeated 40 times) to bypass authentication and read arbitrary files from the server.

The repository contains a functional Python exploit for CVE-2006-3392, a directory traversal vulnerability in Webmin. The exploit constructs a malicious URL with a payload of '..%01/' repeated 12 times to bypass authentication and access arbitrary files on the target system.

The repository contains a functional exploit for CVE-2006-3392, targeting Webmin and Usermin versions before 1.290 and 1.220, respectively. The exploit leverages a path traversal vulnerability by using encoded sequences (e.g., '..%01') to bypass path simplification and read arbitrary files.

The repository contains a functional Python script that exploits CVE-2006-3392, a directory traversal vulnerability in Webmin/Usermin, allowing arbitrary file disclosure via a crafted HTTP request with path traversal sequences.

This Metasploit auxiliary module exploits a directory traversal vulnerability in Webmin and Usermin to disclose arbitrary file contents without authentication. It constructs a malicious URI with encoded traversal sequences to bypass access controls.