MoinMoin twikidraw Action Traversal File Upload
This module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists in the handling of the twikidraw actions, where a traversal path can be used to upload arbitrary files. Exploitation is achieved on Apache/mod_wsgi configurations by overwriting moin.wsgi, which allows arbitrary Python code to be executed, as exploited in the wild in July 2012. This module is ranked "ManualRanking", and the user is warned to use it at their own risk, since it will overwrite the moin.wsgi file, which is required for the correct working of the MoinMoin wiki. While the exploit will try to restore the attacked application during post-exploitation, successful restoration cannot be guaranteed.
- Author: juan vazquez <juan.vazquez [at] metasploit.com>
- Target: MoinMoin 1.9.5
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use exploit/unix/webapp/moinmoin_twikidraw
msf exploit(moinmoin_twikidraw) > show targets
...targets...
msf exploit(moinmoin_twikidraw) > set TARGET <target-id>
msf exploit(moinmoin_twikidraw) > show options
...show and set options...
msf exploit(moinmoin_twikidraw) > exploit
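A defender-side check for the traversal described above, added here as an example and not code from the module or the MoinMoin project: it scans Apache access-log lines for twikidraw requests whose percent-decoded target contains a directory-traversal sequence. The log lines and the query parameter name (`file`) are constructed for illustration and do not reflect the real request shape.

```python
import re
from urllib.parse import unquote

# Apache common/combined log prefix: client, ident, user, [timestamp], "METHOD TARGET PROTO"
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"'
)
# "../" or "..\" after decoding; matches inside the path or inside a query value
TRAVERSAL_RE = re.compile(r'\.\.[\\/]')

# Constructed sample log lines (not from the page); only the third is suspicious.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jul/2012:10:01:02 +0000] "GET /FrontPage HTTP/1.1" 200 5120
10.0.0.5 - - [10/Jul/2012:10:01:09 +0000] "GET /FrontPage?action=twikidraw HTTP/1.1" 200 2048
10.0.0.9 - - [10/Jul/2012:10:02:33 +0000] "POST /FrontPage?action=twikidraw&file=..%2F..%2Fmoin.wsgi HTTP/1.1" 200 311
"""


def decode_fully(s: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so that
    double-encoded sequences such as ..%252F are normalised as well."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def is_twikidraw_traversal(target: str) -> bool:
    """True when the request targets the twikidraw action and carries a
    traversal sequence anywhere in its decoded path or query string."""
    decoded = decode_fully(target)
    return "action=twikidraw" in decoded.lower() and bool(TRAVERSAL_RE.search(decoded))


def scan_log(text: str) -> list:
    """Return one record per access-log line that looks like a twikidraw traversal."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_twikidraw_traversal(m["target"]):
            hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                         "target": decode_fully(m["target"])})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} {hit['method']} {hit['target']}")
```

A matching hit that ends in moin.wsgi is the pattern the description above warns about, and the file itself should then be compared against a known-good copy.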