Bugtraq: Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution

Nmap Security Scanner

Intro

Docs
Security Lists

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution

From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 16 Nov 2004 09:01:48 +0100

* Hans Ulrich Niedermann:

DETAILS

The TWiki search function uses a user supplied search string to
compose a command line executed by the Perl backtick (``) operator.


The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2004-1037 to this issue.

Current thread:

TWiki search function allows arbitrary shell command execution Hans Ulrich Niedermann (Nov 13)
- Re: [Full-Disclosure] TWiki search function allows arbitrary shell command execution Florian Weimer (Nov 16)