Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
On 7/9/06, Alexander Hristov <joffer@xxxxxxxxx> wrote:
Name : Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit
Link :
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1152/exploit.html
Date : 2006-06-30
Patch : update to version 1.290
Advisory :
http://securitydot.net/vuln/exploits/vulnerabilities/articles/17885/vuln.html
Has anyone tested this? I've just tested this in Webmin 1.180 (Debian
3.1, package revision number 3) and didn't work (I had to explicitly
allow the attacker IP to the miniserv.conf, which is not the default
configuration in Debian and, I think, in Webmin's original tar.gz)
Jose