MoinMoin twikidraw.py Traversal File Upload Arbitrary File Overwrite

Severity: High, Nessus Plugin ID 63638

Synopsis

A wiki application on the remote web server is affected by a code execution vulnerability.

Description

The MoinMoin install hosted on the remote web server fails to properly sanitize user-supplied input in the twikidraw (action/twikidraw.py) action. A remote, unauthenticated attacker could use a specially crafted request containing directory traversal sequences to upload a file containing arbitrary code to the remote host, and could then execute that code with the privileges of the user that runs the MoinMoin process. Successful exploitation requires that the MoinMoin plugin directory be writable by the MoinMoin server user.

Note that the 'anywikidraw' action is reportedly also affected by the directory traversal and code execution vulnerabilities. The application is also reportedly affected by an additional directory traversal vulnerability in the action/AttachFile.py script (CVE-2012-6080), as well as a cross-site scripting (XSS) vulnerability when creating an RSS link (CVE-2012-6082). Nessus has not, however, tested for these additional issues.

Solution

Upgrade to version 1.9.6 or later.

See Also

http://moinmo.in/SecurityFixes

http://moinmo.in/SecurityFixes/CVE-2012-6081

http://www.nessus.org/u?1f8ddc57

Plugin Details

Severity: High

ID: 63638

File Name: moinmoin_twikidraw_code_exec.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 1/21/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2012-6495

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:moinmo:moinmoin

Required KB Items: www/moinmoin

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 12/29/2012

Vulnerability Publication Date: 12/29/2012

Exploitable With

CANVAS (CANVAS)

Metasploit (MoinMoin twikidraw Action Traversal File Upload)

Elliot (MoinMoin 1.9.5 RCE)

Reference Information

CVE: CVE-2012-6081, CVE-2012-6495

BID: 57082, 57147