what you don't know can hurt you

moinmoin-dos.txt

moinmoin-dos.txt
Posted Nov 9, 2008
Authored by Xia Shing Zee

MoinMoin version 1.5.9 suffers from denial of service and path disclosure vulnerabilities.

tags | exploit, denial of service, vulnerability
MD5 | b65a67fafe8732d4438c22fecf3b1e97

moinmoin-dos.txt

Change Mirror Download
===============================================================
!vuln
MoinMoin v1.5.9 is prone to multiple remote vulnerabilities.
Earlier versions may also be affected.
MoinMoin v1.80 is also affected to a lesser extent.
Other versions may also be affected.
===============================================================

===============================================================
!dork
Dork: "* MoinMoin Powered * Python Powered * Valid HTML 4.01"
===============================================================

===============================================================
!risk 1 - Denial Of Service
Low
The denial of service only results on the end-users side.
===============================================================

===============================================================
!discussion 1 - Denial Of Service

http://wiki.site.org/%08?action=fullsearch&value=linkto%3A%22%0
8%22&context=180

Changing the URL of a linkto URl results in end-user denial of
service conditions if ASCII characters are injected.
===============================================================

===============================================================
!risk 2 - Full Path Disclosure
Medium
Attackers can use this vulnerability to leverage another attack
after the full path has been disclosed.
===============================================================

===============================================================
!discussion 2 - Full Path Disclosure

http://wiki.site.org/VulnVulnVulnVuln/VulnVulnVuln/Vul.........

A remote user is able to identify several details about the
system from the python traceback error after injecting an
extremely long URL string. The uname -a (the platform and OS),

the python release, the full path of the htdocs folder and
python folder, and the version of MoinMoin that is running.
However, MoinMoin v1.80 does not disclose the python release
and the version of MoinMoin.
===============================================================

===============================================================
!solution
MoinMoin can still be used, but be wary of the full path
disclosure. The vendor has not yet been notified.
===============================================================

===============================================================
!greetz
Greetz go out to the people who know me.
===============================================================

===============================================================
!author
Xia Shing Zee
===============================================================
Login or Register to add favorites

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    5 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close