Admin Tools Application / ADMINTOOL-91

Run Shell Command allows CSRF RCE attacks


    Description

      Steps to reproduce:

      1. Create a comment on the wiki with an image with URL /xwiki/bin/view/Admin/RunShellCommand?command=touch%20/tmp/attacked
      2. Wait for an admin to view the comment.

      Expected result:

      No file is created in /tmp

      Actual result:

      A file "attacked" is created in /tmp.

      Note that the same attack vector can also be used for XWiki syntax injection by simply echoing the desired syntax prefixed by "{{/code}}", which may be more useful for executing Groovy code with programming rights.
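As an added example (not part of the issue or of the Admin Tools code), a small Python detector that scans web-server access logs for the request pattern described above: a hit on the RunShellCommand page whose command arrives in the query string and whose Referer is some other page, which is exactly what an admin's browser produces when it loads such an image from a comment. The log lines are constructed sample data and the page path is assumed to be the default XWiki location.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed combined-format access log lines (sample data, not from the issue).
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Mar/2014:10:01:02 +0000] "GET /xwiki/bin/view/Main/Comments HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
10.0.0.5 - admin [12/Mar/2014:10:01:03 +0000] "GET /xwiki/bin/view/Admin/RunShellCommand?command=touch%20/tmp/attacked HTTP/1.1" 200 512 "http://wiki.example.org/xwiki/bin/view/Main/Comments" "Mozilla/5.0"
10.0.0.7 - admin [12/Mar/2014:10:02:10 +0000] "POST /xwiki/bin/view/Admin/RunShellCommand HTTP/1.1" 200 700 "http://wiki.example.org/xwiki/bin/view/Admin/RunShellCommand" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Path of the page the issue describes; assumed here to be the default XWiki location.
SHELL_PAGE = "/xwiki/bin/view/Admin/RunShellCommand"

def parse_line(line):
    """Return the named fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_shell_csrf_hits(log_text):
    """Flag requests that carry a 'command' parameter to the RunShellCommand page.
    A command in the query string can be triggered by an <img> tag in wiki content,
    which is the vector in ADMINTOOL-91; a GET method and a Referer that is not the
    RunShellCommand page itself (or no Referer at all) are recorded as extra signals."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        url = urlsplit(rec["target"])
        if url.path != SHELL_PAGE:
            continue
        params = parse_qs(url.query)  # decodes %20 etc.
        if "command" not in params:
            continue  # no command in the URL itself (e.g. a POSTed form)
        reasons = ["command-in-query"]
        if rec["method"] == "GET":
            reasons.append("GET-request")
        if urlsplit(rec["referer"]).path != SHELL_PAGE:
            reasons.append("referer-not-shell-page")
        hits.append({
            "ip": rec["ip"], "user": rec["user"], "time": rec["ts"],
            "status": int(rec["status"]), "command": params["command"][0],
            "referer": rec["referer"], "reasons": reasons,
        })
    return hits

if __name__ == "__main__":
    for hit in find_shell_csrf_hits(SAMPLE_LOG):
        print(hit)
```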

            People

              Michael Hamann