OMG. Is Webmin safe? I can see file codes in Chrome browser without login

Posted by Arwana on Server Fault See other posts from Server Fault or by Arwana
Published on 2010-04-02T11:38:19Z Indexed on 2010/04/02 11:43 UTC
Read the original article Hit count: 307

Filed under:

webmin

When Im in File Manager of Webmin, I can double click and see the codes of the files in new tab in Firefox with its specific URL.

But when I remove ?rand=xxxx... after the file.php and paste the URL in Chrome browser, I still can see the codes.

This is the URL I just pasted in the Chrome browser

http://xxx.xxx.xxx.xxx:10000/file/show.cgi/var/www/html/mysite.com/files/file.php

And then, I logout of webmin, and I change the file.php with other file, I can see the codes.

OMG. Is Webmin safe? and how to secure this?

Related posts about webmin

Using a GoDaddy SSL certificate with Virtualmin (Webmin)

as seen on Server Fault - Search for 'Server Fault'
A client of mine decided to go ahead and move from a self-signed certificate to a commercial one ("GoDaddy Standard SSL"). The first service I wanted to move to the commercial SSL cert was Webmin/Usermin... However, upon migrating to the new SSL cert and restarting Webmin, I got the following error: [21/Oct/2012:13:12:47… >>> More
[Ubuntu 10.04 Desktop] Unable to get Webmin or Vboxdrv to auto start on boot

as seen on Server Fault - Search for 'Server Fault'
Ever since installing Ubuntu 10.04 I've had issues getting things to auto-start. I have installed webmin and VirtualBox but every time I reboot I have to manually run: sudo /etc/init.d/webmin start sudo /etc/init.d/vboxdrv start I have run: sudo update-rc.d -f webmin remove and then hodge@hodge-fs:~$… >>> More
Proxying webmin with nginx

as seen on Server Fault - Search for 'Server Fault'
I am attempting to proxy webmin behind nginx for various reasons that are outside the scope of this question. However I've been trying for a while now and can't seem to figure it out and think I'm to the point where I've exhausted all the permutations of the config file I can think of. What I have… >>> More
virturalmin webmin dose not respond

as seen on Server Fault - Search for 'Server Fault'
I have installed Virtualmin on a CentOS remote server, but it dose not seem to work https://115.146.95.118:10000/ at least the Webmin page dose not work. I have opened those ports http ALLOW 80:80 from 0.0.0.0/0 ALLOW 443:443 from 0.0.0.0/0 ssh ALLOW 22:22 from 0.0.0.0/0 virtualmin ALLOW 20000:20000… >>> More
Webmin and/or port 10000 not working

as seen on Server Fault - Search for 'Server Fault'
I've recently installed Webmin on a Ubuntu server but I can't get it to work. I asked a recent question about saving iptables but it turns out you don't need to "save" iptables changes. Anyway, I still can't get Webmin working after opening the port up: iptables -A INPUT -p tcp -m tcp --dport 10000… >>> More

Developer IT