moinmoin-dos.txt

moinmoin-dos.txt: Posted Nov 9, 2008; Authored by Xia Shing Zee; MoinMoin version 1.5.9 suffers from denial of service and path disclosure vulnerabilities.; tags | exploit, denial of service, vulnerability; SHA-256 | 69551d639e909c8105507593eda4f7945172f4e91bf44a580a6c4db9f7308eaf; Download | Favorite | View

moinmoin-dos.txt

===============================================================
!vuln
MoinMoin v1.5.9 is prone to multiple remote vulnerabilities.
Earlier versions may also be affected.
MoinMoin v1.80 is also affected to a lesser extent.
Other versions may also be affected.
===============================================================

===============================================================
!dork
Dork: "* MoinMoin Powered * Python Powered * Valid HTML 4.01"
===============================================================

===============================================================
!risk 1 - Denial Of Service
Low
The denial of service only results on the end-users side.
===============================================================

===============================================================
!discussion 1 - Denial Of Service

http://wiki.site.org/%08?action=fullsearch&value=linkto%3A%22%0
8%22&context=180

Changing the URL of a linkto URl results in end-user denial of
service conditions if ASCII characters are injected.
===============================================================

===============================================================
!risk 2 - Full Path Disclosure
Medium
Attackers can use this vulnerability to leverage another attack
after the full path has been disclosed.
===============================================================

===============================================================
!discussion 2 - Full Path Disclosure

http://wiki.site.org/VulnVulnVulnVuln/VulnVulnVuln/Vul.........

A remote user is able to identify several details about the
system from the python traceback error after injecting an 
extremely long URL string. The uname -a (the platform and OS),

the python release, the full path of the htdocs folder and 
python folder, and the version of MoinMoin that is running. 
However, MoinMoin v1.80 does not disclose the python release 
and the version of MoinMoin.
===============================================================

===============================================================
!solution
MoinMoin can still be used, but be wary of the full path
disclosure. The vendor has not yet been notified.
===============================================================

===============================================================
!greetz
Greetz go out to the people who know me.
===============================================================

===============================================================
!author
Xia Shing Zee
===============================================================

Top Authors In Last 30 Days

Red Hat 205 files
Ubuntu 84 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

moinmoin-dos.txt

moinmoin-dos.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

moinmoin-dos.txt

Share This

moinmoin-dos.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems