Wednesday, 24 April 2013

CVE-2012-6081

When you see that a bug in a Wiki engine used by Python and Debian gets published and got used to own them, you know that there is something interesting to look at...

This bug is a really simple directory traversal that you can use to write an arbitrary file on the system. The beauty of it is its exploitation (based on an exploit found on pastebin), the exploit bypasses 5 restrictions:


  1. It's valid python code.
  2. It starts with  the string `drawing.`.
  3. It contains `def execute(p,r):` to be a valid MoinMoin plugin.
  4. It does not contain any dot (`.`)
  5. It is less than 100 characters (due to the tar format).

If you want to know more, check out our latest exercise on cve-2012-6081.