To whomever this may concern,
I believe the exploit in use on the Python Wiki could have been the
following remote arbitrary code execution exploit that some fellow
researchers and I have been working with over the past few days. I'm
not sure if this has quite been reported to the Moin development team,
however this exploit would be triggered via a URL much like the following:
http://wiki.python.org/WikiSandBox?action=moinexec&c=uname%20-a
This URL of course would cause the page to output the contents of
the command "uname -a". I think this is definitely worth your
researchers looking into, and please be sure to credit me (Robert
'xnite' Whitney; http://xnite.org) for finding & reporting this
vulnerability.
Best of luck,
Robert 'xnite' Whitney
PS - If you have any further questions on this matter for me, please
feel free to use the contact information in my signature below or reply
to this email.
--
xnite (xn...@xnite.org)
Google Voice: 828-45-XNITE (96483)
Web: http://xnite.org
PGP Key: http://xnite.org/pgpkey
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
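One way to check web server access logs for requests shaped like the URL in the message above. This is an added example, not part of the original email and not MoinMoin code; the "combined" access-log format, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the server writes Apache/nginx "combined" format access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
SUSPECT_ACTION = "moinexec"  # action name from the URL quoted in the message
COMMAND_PARAM = "c"          # parameter that carries the command in that URL

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /WikiSandBox?action=moinexec&c=uname%20-a HTTP/1.1" 200 512 "-" "curl/7.0"',
    '198.51.100.7 - - [01/Jan/2013:10:00:05 +0000] "GET /FrontPage?action=raw HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2013:10:00:09 +0000] "GET /WikiSandBox?c=id&action=MoinExec HTTP/1.1" 404 0 "-" "curl/7.0"',
    '198.51.100.7 - - [01/Jan/2013:10:00:12 +0000] "GET /HelpOnMoinexec HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]


def find_moinexec_requests(lines):
    """Return one dict per logged request whose query string asks for the
    moinexec action, with the percent-decoded command for triage."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format entry; skip rather than guess
        parts = urlsplit(m.group("target"))
        # parse_qs percent-decodes values and turns '+' into a space, so
        # "uname%20-a" and "uname+-a" both come back as "uname -a".
        query = parse_qs(parts.query, keep_blank_values=True)
        actions = [a.lower() for a in query.get("action", [])]
        if SUSPECT_ACTION not in actions:
            continue  # the word appearing only in the path is not a match
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "page": parts.path,
            "command": (query.get(COMMAND_PARAM) or [""])[0],
            "status": int(m.group("status")),  # kept for responder triage
        })
    return hits


if __name__ == "__main__":
    for hit in find_moinexec_requests(SAMPLE_LOG):
        print(hit)
```
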