Vulnerability & Exploit Database

MoinMoin twikidraw Action Traversal File Upload

This module exploits a vulnerability in MoinMoin 1.9.5. The vulnerability exists in the handling of the twikidraw actions, where a path traversal can be used to upload arbitrary files. Exploitation is achieved on Apache/mod_wsgi configurations by overwriting moin.wsgi, which allows execution of arbitrary Python code, as exploited in the wild in July 2012. This module is ranked "ManualRanking", and users are warned to use it at their own risk, since it overwrites the moin.wsgi file, which the MoinMoin wiki requires to work correctly. While the exploit tries to restore the attacked application during post-exploitation, successful restoration cannot be guaranteed.

Module Name



  • Unknown
  • HTP
  • juan vazquez <juan.vazquez [at]>



  • MoinMoin 1.9.5


  • unix


  • cmd



Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

    msf > use exploit/unix/webapp/moinmoin_twikidraw
    msf exploit(moinmoin_twikidraw) > show targets
        ...targets...
    msf exploit(moinmoin_twikidraw) > set TARGET <target-id>
    msf exploit(moinmoin_twikidraw) > show options
        ...show and set options...
    msf exploit(moinmoin_twikidraw) > exploit

Related Vulnerabilities