POC-CVE-2019-15107
by GYATT - Saturday November 16, 2024 at 08:35 PM
Fraudster

Posts: 143
Threads: 34
Joined: Aug 2024
Reputation: 388

#1
11-16-2024, 08:35 PM
Hello, Breachforums community.

I know this is old, but this is a great POC. Ive seen and used it many times to deface sites and get data. All you need to do is search Webmin 1.890 in Censry or Shodan.io, whichever you prefer, then see the port it's on; it's usually on default, then follow instructions on this GitHub script. 

Hidden Content
You must register or login to view this content.
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Threatening forum members
Reply
Breached
Member
Posts: 79
Threads: 13
Joined: Aug 2024
Reputation: 413

#2
11-16-2024, 08:55 PM
A command injection in the password_change.cgi , so when reseting password the HTTP parameter 'expire' wasn't filtering user inputs , so for poc they did sent an ' echo random string' and if it returned output it shows as vulnerable , for RCE , you just have to send the commands you want to execute rather than random string . Intrestingggg :kitten2:
Reply
Breached
Member
Posts: 45
Threads: 4
Joined: Oct 2024
Reputation: 30

#3
11-20-2024, 03:50 PM
aight thank you bro i'll check it out
Reply
Advanced User

Posts: 50
Threads: 10
Joined: Mar 2024
Reputation: 2

#4
11-24-2024, 07:43 PM
thanks so much nigga, i will check it out
Reply
Breached
Member
Posts: 34
Threads: 2
Joined: Dec 2023
Reputation: 0

#5
12-08-2024, 06:27 PM
lets see nyenyenye
Reply
Breached
Member
Posts: 41
Threads: 2
Joined: Jul 2023
Reputation: 0

#6
12-13-2024, 02:37 PM
gona read and get sample vuln website
Reply
Breached
Member
Posts: 20
Threads: 0
Joined: Jan 2025
Reputation: 0

#7
01-31-2025, 09:08 PM (This post was last modified: 01-31-2025, 09:08 PM by md5.)
(11-16-2024, 08:35 PM)GYATT Wrote: Hello, Breachforums community.

I know this is old, but this is a great POC. Ive seen and used it many times to deface sites and get data. All you need to do is search Webmin 1.890 in Censry or Shodan.io, whichever you prefer, then see the port it's on; it's usually on default, then follow instructions on this GitHub script. 
thanks sharing sir
(11-16-2024, 08:35 PM)GYATT Wrote: Hello, Breachforums community.

I know this is old, but this is a great POC. Ive seen and used it many times to deface sites and get data. All you need to do is search Webmin 1.890 in Censry or Shodan.io, whichever you prefer, then see the port it's on; it's usually on default, then follow instructions on this GitHub script. 
thanks sharing sir
Reply
Advanced User

Posts: 74
Threads: 4
Joined: Jan 2024
Reputation: 0

#8
02-05-2025, 01:54 PM
thanks for stuffs hope still work at this time
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  new wordpress website takeover vuln (video + poc ) zinzeur 313 27,277 03-28-2026, 02:43 AM
Last Post: toshi99
  [POC] Google OAuth "MultiLogin" endpoint 0-day Farfallaiero 106 13,201 02-10-2026, 03:34 PM
Last Post: birhikayemvar
  Cool Remote Patching ETW/Amsi PoC pepeloco 6 2,092 02-08-2026, 07:58 AM
Last Post: zeroday99
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 73 02-07-2026, 03:32 PM
Last Post: cysc
  POC CVE-2025-24071 caca28sapo1 15 805 02-07-2026, 08:53 AM
Last Post: hacker0123



 Users browsing this thread: