[Python-Dev] FYI - wiki.python.org compromised

Robert Whitney xnite at xnite.org
Thu Jan 10 21:27:06 CET 2013

To Whoever this may concern,

	I believe the exploit in use on the Python Wiki could have been the 
following remote arbitrary code execution exploit that myself and some 
fellow researchers have been working with over the past few days. I'm 
not sure if this has quite been reported to the Moin development team, 
however this exploit would be triggered via a URL much like the following:
This URL of course would cause for the page to output the contents of 
the command "uname -a". I think this is definitely worth your 
researchers looking into, and please be sure to credit myself (Robert 
'xnite' Whitney; http://xnite.org) for finding & reporting this 

Best of luck,
	Robert 'xnite' Whitney

PS - If you have any further questions on this matter for me, please 
feel free to us the contact information in my signature below or reply 
to this email.
xnite (xnite at xnite.org)
Google Voice: 828-45-XNITE (96483)
Web: http://xnite.org
PGP Key: http://xnite.org/pgpkey

More information about the Python-Dev mailing list