This is exploitable - Immunity has a PoC exploit in our Partner's
section written by Bas Alberts.
Thanks,
Dave Aitel
Immunity, Inc.
[EMAIL PROTECTED] wrote:
Hello!
I succeeded in crashing webmin 1.230 with:
username %n
password aaaa
after klicking 4 times on "Login" webmin was dead.
There were no logs at all, and no error was shown in the web interface...
Any idea if it's really exploitable (executing code I mean)? Is anyone working
on a POC?
[EMAIL PROTECTED]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
