CVE-2005-2877
published 2005-09-16CVE-2005-2877: The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as…
PriorityP260high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
71.10%
99.3th percentile
The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP requests to TWiki's view script targeting TWikiUsers with a 'rev' parameter containing shell metacharacters (backtick, pipe '|', semicolon ';'). ↗
- →Alert on URL-encoded shell metacharacters in the 'rev' query parameter, e.g. %60 (backtick), %7C (pipe), %3B (semicolon) in requests to /cgi-bin/view/Main/TWikiUsers or equivalent TWiki view paths. ↗
- →The exploit uses backtick command substitution injected into the rev parameter (e.g. '1 `touch file`#'); detect backtick characters or '#' terminators in the rev parameter value. ↗
- →Affected TWiki versions to target for detection/patching: 20040902, 20040901, 20030201, 20011201, 20001201. ↗
- ·The exploit runs in the context of the web server user (privileged flag set to true in the module), meaning command execution occurs with web server privileges, not necessarily root. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
TWiki History TWikiUsers - 'rev' Command Execution (Metasploit)
exploitdb·2010-07-03
CVE-2005-2877 TWiki History TWikiUsers - 'rev' Command Execution (Metasploit)
TWiki History TWikiUsers - 'rev' Command Execution (Metasploit)
---
##
# $Id: twiki_history.rb 9671 2010-07-03 06:21:31Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'TWiki History TWikiUsers rev Parameter Command Execution',
'Description' => %q{
This module exploits a vulnerability in the history component of TWiki.
By passing a 'rev' parameter containing shell metacharacters to the TWikiUsers
script, an attacker can execute arbitrary OS commands.
},
'Author' =>
[
'B4dP4nd4', # original discovery
'jduck' # metasploit version
],
'
Exploit-DB
TWiki TWikiUsers - INCLUDE Function Arbitrary Command Execution
exploitdb·2005-09-28
CVE-2005-2877 TWiki TWikiUsers - INCLUDE Function Arbitrary Command Execution
TWiki TWikiUsers - INCLUDE Function Arbitrary Command Execution
---
source: https://www.securityfocus.com/bid/14960/info
A remote command execution vulnerability affects the application.
The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a specially crafted URI to execute arbitrary commands through the shell.
This attack would occur in the context of the vulnerable application and can facilitate unauthorized remote access.
%INCLUDE{ "Main.TWikiUsers" rev="2|less /etc/passwd" }%
Exploit-DB
TWiki TWikiUsers - Arbitrary Command Execution
exploitdb·2005-09-14
CVE-2005-2877 TWiki TWikiUsers - Arbitrary Command Execution
TWiki TWikiUsers - Arbitrary Command Execution
---
source: https://www.securityfocus.com/bid/14834/info
A remote command execution vulnerability affects the application.
The revision control function of the TWikiUsers script uses the backtick shell metacharacter to construct a command line. An attacker may use a specially crafted URI to execute arbitrary commands through the shell.
This attack would occur in the context of the vulnerable application and can facilitate unauthorized remote access.
http://www.example.com/cgi-bin/view/Main/TWikiUsers?rev=2%20%7Cless%20/etc/passwd
Metasploit
TWiki History Function Arbitrary Command Execution
metasploit
TWiki History Function Arbitrary Command Execution
TWiki History Function Arbitrary Command Execution
This module exploits a vulnerability in the history component of TWiki. By passing a 'rev' parameter containing shell metacharacters, an attacker can execute arbitrary OS commands. Affected versions: - 20040902 - 20040901 - 20030201 - 20011201 - 20001201
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=112680475417550&w=2http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRevhttp://www.kb.cert.org/vuls/id/757181http://www.securityfocus.com/bid/14834http://marc.info/?l=bugtraq&m=112680475417550&w=2http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRevhttp://www.kb.cert.org/vuls/id/757181http://www.securityfocus.com/bid/14834
2005-09-16
Published