CVE-2022-0824

This exploit leverages an authenticated RCE vulnerability in Webmin <= 1.984 by uploading a malicious Perl reverse shell script via the file manager extension and executing it. It requires valid credentials and a listener setup for the reverse shell.

This is a functional exploit for CVE-2022-0824, targeting Webmin's File Manager privilege escalation vulnerability. It leverages improper access control to download and execute a reverse shell payload with root privileges.

This repository provides a Docker-based deployment of Webmin 1.984, which is vulnerable to an authenticated RCE exploit (CVE-2022-0824). The vulnerability allows low-privilege users to execute arbitrary commands via the File Manager module by chaining file download and permission modification functionalities.

This Go-based exploit targets CVE-2022-0824 in Webmin <= 1.984, leveraging a BAC vulnerability to upload a Perl reverse shell payload, modify its permissions, and execute it. It requires valid credentials and a callback listener.

This repository contains an enhanced exploit for CVE-2022-0824, a critical arbitrary file upload vulnerability in Webmin. The exploit supports both direct command execution and reverse shell modes, with multiple payload types and intelligent file management.

This PoC exploits CVE-2022-0824 in Webmin by leveraging improper access control to upload a malicious CGI file via the File Manager module, then executing it to achieve remote code execution (RCE). The exploit involves authentication, file upload, permission modification, and reverse shell execution.

This Metasploit module exploits CVE-2022-0824 in Webmin 1.984 by chaining file download and permission modification functionalities to achieve RCE via a crafted .cgi file. It authenticates as a low-privilege user, downloads a malicious payload, sets executable permissions, and triggers execution.