CVE-2008-1230
Published: 2008-03-10
Priority: P258 | critical | 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 4.41% (90.1th percentile)
Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page."
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jspwiki | jspwiki | — | — |
| jspwiki | jspwiki | — | — |
| jspwiki | jspwiki | — | — |
Detection & IOCs (extracted from sources)
URL: http://server/JSPWikiPath/Edit.jsp?page=Main&editor=%3Cscript%3Ealert(document.cookie)%3C/script%3E
- Detect path traversal attempts in the 'editor' parameter of Edit.jsp: sequences of '../../../' targeting .jsp files indicate local file inclusion exploitation.
- Monitor HTTP requests to Edit.jsp where the 'editor' parameter contains directory traversal sequences (e.g., '../') combined with known sensitive paths such as 'Install' or 'admin/SecurityConfig'.
- Alert on file upload requests to JSPWiki attachment endpoints where the uploaded file has a .jsp extension, indicating an attempted webshell or malicious JSP upload.
- Detect XSS attempts via URL-encoded script tags in the 'editor' parameter of Edit.jsp (e.g., %3Cscript%3E patterns).
- Note: the file inclusion vulnerability requires the 'page' parameter to reference an existing page on the server; exploitation is conditional on valid page enumeration.
- Note: the unrestricted file upload attack chain is facilitated by information disclosed via the Install.jsp inclusion (full path, storage path, log/work directories), meaning the LFI vector is a prerequisite for reliable .jsp upload exploitation.
- Note: JSPWiki versions earlier than the tested 2.4.104 and 2.5.139 may also be affected and should be considered in scope for detection.
References
- http://marc.info/?l=bugtraq&m=120300554011544&w=2
- http://secunia.com/advisories/28969
- http://www.bugsec.com/articles.php?Security=48&Web-Application-Firewall=0
- http://www.securityfocus.com/bid/27785
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40511
- https://www.exploit-db.com/exploits/5112