[CentOS] webmin
Jack Bailey
jack at internetguy.net
Fri Sep 21 10:47:09 UTC 2007
> I really, really, really, really, really, really wouldn't recommend
> installing that version, as it is really, really, really, really,
> really old.
>
> On the other hand I wouldn't recommend installing webmin anyway - but if
> you have to take the rpm from webmin.com (if that is installable on
> CentOS, no idea there).
Me neither. I once found this on a guy's server:
<?php
/*
Name : Webmin / Usermin Arbitrary File Disclosure Vulnerability
Date : 2006-06-30
Patch : update to version 1.290
Advisory :
http://securitydot.net/vuln/exploits/vulnerabilities/articles/17885/vuln.html
Coded by joffer , http://securitydot.net
*/
$host = $argv[1];
$port = $argv[2];
$http = $argv[3];
$file = $argv[4];
// CHECKING THE INPUT
if($host != "" && $port != "" && $http != "" && $file != "") {
[snip]
More information about the CentOS
mailing list