TWiki TWikiUsers - Arbitrary Command Execution

EDB-ID:

26260


Author:

B4dP4nd4

Type:

webapps


Platform:

PHP

Date:

2005-09-14


source: https://www.securityfocus.com/bid/14834/info

A remote command execution vulnerability affects the application.

The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a specially crafted URI to execute arbitrary commands through the shell.

This attack would occur in the context of the vulnerable application and can facilitate unauthorized remote access. 

http://www.example.com/cgi-bin/view/Main/TWikiUsers?rev=2%20%7Cless%20/etc/passwd