BugTraq
Multiple remote vulnerabilities MoinMoin v1.80 Nov 09 2008 03:09AM
XiaShing gmail com
===============================================================

!vuln

MoinMoin v1.5.9 is prone to multiple remote vulnerabilities.

Earlier versions may also be affected.

MoinMoin v1.80 is also affected to a lesser extent.

Other versions may also be affected.

===============================================================

===============================================================

!dork

Dork: "* MoinMoin Powered * Python Powered * Valid HTML 4.01"

===============================================================

===============================================================

!risk 1 - Denial Of Service

Low

The denial of service only results on the end-users side.

===============================================================

===============================================================

!discussion 1 - Denial Of Service

http://wiki.site.org/%08?action=fullsearch&value=linkto%3A%22%0

8%22&context=180

Changing the URL of a linkto URl results in end-user denial of

service conditions if ASCII characters are injected.

===============================================================

===============================================================

!risk 2 - Full Path Disclosure

Medium

Attackers can use this vulnerability to leverage another attack

after the full path has been disclosed.

===============================================================

===============================================================

!discussion 2 - Full Path Disclosure

http://wiki.site.org/VulnVulnVulnVuln/VulnVulnVuln/Vul.........

A remote user is able to identify several details about the

system from the python traceback error after injecting an

extremely long URL string. The uname -a (the platform and OS),

the python release, the full path of the htdocs folder and

python folder, and the version of MoinMoin that is running.

However, MoinMoin v1.80 does not disclose the python release

and the version of MoinMoin.

===============================================================

===============================================================

!solution

MoinMoin can still be used, but be wary of the full path

disclosure. The vendor has not yet been notified.

===============================================================

===============================================================

!greetz

Greetz go out to the people who know me.

===============================================================

===============================================================

!author

Xia Shing Zee

===============================================================

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus