来源:Webmin官网
发布日期:2021-05-05
阅读次数:6929
评论:0
更新标题
Webmin 1.973 and below - XSS vulnerabilities if Webmin is installed
using the
更新详情
If Webmin is installed using the non-recommended setup.pl script,
checking for unknown referers is not enabled by default. This opens the
system up to XSS and CSRF attacks using malicious links.
Fortunately the standard RPM, Deb, TAR and Solaris packages do not use this
script and so are not vulnerable. If you did install using the
setup.pl script, the vulnerability can be fixed by adding the
line referers_none=1 to /etc/webmin/config .
Thanks to Meshal ( Mesh3l_911 ) @Mesh3l_911 and Mohammed ( Z0ldyck ) @electronicbots for finding and reporting this issue!
软件描述
Webmin是目前功能最强大的基于Web的Unix系统管理工具。管理员通过浏览器访问Webmin的各种管理功能并完成相应的管理动作。
评论