Webmin File Disclosure Exploit (CVE-2006-3392) Scanner

Details
Asset Type: DOMAIN, IP
Need Membership: Yes
Asset Verify: Yes
API Support: Yes
Estimate Time (Second): 15

Webmin File Disclosure Exploit (CVE-2006-3392) Scanner Detail

Permits remote attackers to read arbitrary files.

Exploits a file disclosure vulnerability in Webmin (CVE-2006-3392). Webmin before 1.290 and Usermin before 1.220 call the simplify_path function before decoding HTML. This allows arbitrary files to be read, without requiring authentication, by using "..%01" sequences to bypass the removal of "../" directory traversal sequences.
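A log check for the request pattern described above, as an added example that is not part of the original page or the scanner's own code. It assumes common-log-format access lines; the sample lines, paths and addresses are constructed, and matching any percent-encoded control byte after ".." generalizes the page's "..%01" case.

```python
import re
from urllib.parse import unquote_to_bytes

# Request line inside a common-log-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# ".." followed by a percent-encoded control byte (%00-%1f); "..%01" is the page's case.
ENCODED_DOTDOT_RE = re.compile(r'\.\.%[01][0-9a-f]', re.IGNORECASE)
# The same pattern after one round of percent-decoding.
DECODED_DOTDOT_RE = re.compile(rb'\.\.[\x00-\x1f]')

# Constructed sample log lines (documentation address ranges, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /..%01/..%01/some/file HTTP/1.0" 200 1024',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /%2e%2e%01/some/file HTTP/1.0" 404 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /images/logo..png?v=%01 HTTP/1.1" 200 90',
]


def suspicious_target(target: str) -> bool:
    """True if the request path contains '..' followed by an encoded control byte."""
    path = target.split("?", 1)[0]  # only the path is resolved to a file
    if ENCODED_DOTDOT_RE.search(path):
        return True
    # Decode once to catch variants where the dots themselves are percent-encoded.
    return DECODED_DOTDOT_RE.search(unquote_to_bytes(path)) is not None


def scan(lines):
    """Return (line_number, client, target) for each flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and suspicious_target(m.group("target")):
            hits.append((n, line.split(" ", 1)[0], m.group("target")))
    return hits


if __name__ == "__main__":
    for n, client, target in scan(SAMPLE_LOG):
        print(f"line {n}: {client} requested {target}")
```

A hit with a 200 status on a host running Webmin before 1.290 or Usermin before 1.220 deserves review of what was returned; on a patched host the same pattern still marks scanning activity.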

Some Advice for Common Problems

Upgrade to Webmin 1.290 or later.
