Advisories » TWiki "filename" Parameter Handling Remote Information Disclosure Vulnerability

 

Release Date:	08/09/2006	Severity:	Moderately Critical
SecWatch Advisory:	SWID1015339	Cause:	Input validation error
Solution Status:	Vendor Patch	Impact:	Disclosure of system information
Exploit Status:	PoC Available	Access Vector:	From remote
Affected Software:	TWiki
Original Advisory:	http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2006-4294
References:	FrSIRT/ADV-2006-3524
CVE:	CVE-2006-4294
Secunia:	SA21829

 

Description:

A vulnerability in TWiki has been reported, which can be exploited by remote users to disclose sensitive information.

User-supplied input passed to the "filename" parameter in the viewfile script is not correctly sanitised before being used to view files. This can be exploited to disclose the content of arbitrary files via directory traversal attacks.

 

Affected:

TWiki versions 4.0.0 through 4.0.4.

 

Proof of Concept:

Directory Traversal:
http://[target]/bin/viewfile/TWiki/TWikiDocGraphics?rev=1;filename=../../../../../[file]

 

Solution:

The vulnerability has been fixed, apply Hotfix 3 for TWiki 4.0.4:
http://twiki.org/cgi-bin/view/...n/view/Codev/HotFix04x00x04x03

 

Credits:

The vendor credits Choi Min-sung and Koen Martens.

 

Free Vulnerability Notification Service

Receive free instant and customisable notifications of new vulnerabilities or exploits via e-mail, web or RSS feeds. Click here for more information.

 

Related Vulnerabilities and Exploits

05 Jul 06: TWiki Upload Filter Remote Security Bypass and Arbitrary File Upl..

01 Dec 06: TWiki "ErrorDocument" Directive Handling Remote Authentication By..

19 Jun 06: TWiki Registration Account Override Vulnerability

27 Mar 06: TWiki Restricted Content Access and Remote Denial of Service Vuln..

09 Feb 07: TWiki CGI Session File Unspecified Perl Code Execution Vulnerabil..

[more ...]