Vulnerabilities > CVE-2006-3336 - Unspecified vulnerability in Twiki
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN twiki
nessus
Summary
TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 13 |
Nessus
NASL family | FreeBSD Local Security Checks |
NASL id | FREEBSD_PKG_A876DF840FEF11DBAC96000C6EC775D9.NASL |
description | A TWiki Security Alert reports : The TWiki upload filter already prevents executable scripts such as .php, .php1, .phps, .pl from potentially getting executed by appending a .txt suffix to the uploaded filename. However, PHP and some other types allows additional file suffixes, such as .php.en, .php.1, and .php.2. TWiki does not check for these suffixes, e.g. it is possible to upload php scripts with such suffixes without the .txt filename padding. This issue can also be worked around with a restrictive web server configuration. See the TWiki Security Alert for more information about how to do this. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22007 |
published | 2006-07-10 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/22007 |
title | FreeBSD : twiki -- multiple file extensions file upload vulnerability (a876df84-0fef-11db-ac96-000c6ec775d9) |
code |
|
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 18854 CVE(CAN) ID: CVE-2006-3336 TWiki是一款灵活易用、功能强大的企业协作平台。 TWiki对上传文件的后缀检查过滤不充分,远程攻击者可能利用此漏洞上传脚本文件执行,从而以Web进程权限在服务器上执行任意命令。 TWiki上传过滤器可以在上传的文件名后附加.txt后缀,以防执行.php、.php1、.phps、.pl之类的可执行脚本。但是,PHP和其他一些类型允许额外的文件后缀,如.php.en、.php.1和.php.2等。TWiki没有检查这些后缀,也就是可能没有添加.txt文件名后缀便上传一些PHP脚本,导致执行任意代码。 0 TWiki TWiki 4.0.3 TWiki TWiki 4.0.2 TWiki TWiki 4.0.1 TWiki TWiki 4.0.0 TWiki ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x00x04 target=_blank>http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x00x04</a> <a href=http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads#Hotfixes target=_blank>http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads#Hotfixes</a> |
id | SSV:2686 |
last seen | 2017-11-19 |
modified | 2007-12-26 |
published | 2007-12-26 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-2686 |
title | TWiki脚本文件上传漏洞 |
References
- http://secunia.com/advisories/20992
- http://secunia.com/advisories/20992
- http://securitytracker.com/id?1016458
- http://securitytracker.com/id?1016458
- http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads
- http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads
- http://www.securityfocus.com/bid/18854
- http://www.securityfocus.com/bid/18854
- http://www.vupen.com/english/advisories/2006/2677
- http://www.vupen.com/english/advisories/2006/2677