CVE-2006-3819

TWiki 4.0.0-4.0.4 - Remote Code Execution via Configure Script TYPEOF Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3819. PoCs published by Javier Olascoaga.

AI-analyzed exploit summary This Perl script exploits a command injection vulnerability in TWiki's configure script by sending a crafted POST request with a payload that executes arbitrary commands via the `system` function. The exploit allows remote code execution (RCE) on the target server.

Description

Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".

Exploits (1)

exploitdb WORKING POC VERIFIED

by Javier Olascoaga · perlwebappsphp

https://www.exploit-db.com/exploits/2143

View Code ZIP pw:eip

This Perl script exploits a command injection vulnerability in TWiki's configure script by sending a crafted POST request with a payload that executes arbitrary commands via the `system` function. The exploit allows remote code execution (RCE) on the target server.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: TWiki (version not specified, likely older versions)

No auth needed

Prerequisites: Network access to the target TWiki instance · TWiki configure script accessible at the specified path

MITRE ATT&CK