This is a summary of the AI-generated 10-question deep analysis.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: Remote Command Injection in WebSVN. **Consequences**: Attackers can execute arbitrary OS commands via the search parameter. **Impact**: Full system compromise via shell metacharacters.
Q2. Root Cause? (CWE/Flaw)
**CWE**: CWE-78 (OS Command Injection). **Flaw**: Lack of input sanitization in the `search.php` parameter. **Root**: Shell metacharacters are passed directly to the OS.
Q3. Who is affected? (Versions/Components)
**Product**: WebSVN (Online Subversion Repository Browser). **Affected**: Versions **before 2.6.1**. **Fixed**: Version 2.6.1 and later.
Q4. What can hackers do? (Privileges/Data)
**Privileges**: Runs with the web server's privileges (e.g., `www-data`). **Data**: Can read/write files, steal repo data, or pivot to internal networks. **Action**: Full remote code execution (RCE).
Q5. Is exploitation threshold high? (Auth/Config)
**Auth**: Likely **Low/None**. The search function is often public. **Access**: Remote attackers can trigger it via HTTP requests. **Ease**: Simple payload injection.
Q6. Is there a public Exp? (PoC/Wild Exploitation)
**Public Exp**: **Yes**. Multiple PoCs exist on GitHub (e.g., `CVE-2021-32305.py`). **Wild Exp**: High risk. Nuclei templates available for mass scanning. **Proof**: Reverse shell payloads demonstrated.
Q7. How to self-check? (Features/Scanning)
**Check**: Scan for `search.php` with shell metacharacters (e.g., `;`, `|`, `&`). **Tool**: Use Nuclei or Burp Suite to test injection. **Indicator**: Look for WebSVN version < 2.6.1.
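
For the log-review side of the self-check above, the following added example (not from the original page or from the WebSVN project) flags access-log requests to `search.php` whose `search` parameter decodes to a value containing shell metacharacters. The parameter name `search`, the combined log format, the `/websvn/` path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Metacharacters to flag: the page names ; | & and the others are an assumed extension.
SHELL_META = re.compile(r"[;|&`$<>\r\n]")
# Common/combined access-log prefix: client, timestamp, request line, status.
REQUEST = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_search(line, param="search"):
    """Return details if a search.php request carries shell metacharacters in `param`."""
    m = REQUEST.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.endswith("/search.php"):
        return None
    # Split on '&' only, so a raw ';' stays inside the value instead of acting as a separator.
    for pair in url.query.split("&"):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)  # decode once, as the application would receive it
        if unquote_plus(name) == param and SHELL_META.search(value):
            return {"ip": m["ip"], "time": m["ts"], "status": m["status"], "value": value}
    return None

def scan(lines):
    """Return one hit dict per suspicious line, in input order."""
    return [hit for hit in map(suspicious_search, lines) if hit]

# Constructed sample log lines (documentation IP ranges, hypothetical /websvn/ path).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2021:10:00:00 +0000] "GET /websvn/search.php?repname=demo&search=readme HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/May/2021:10:01:12 +0000] "GET /websvn/search.php?repname=demo&search=foo%3Bbar HTTP/1.1" 200 312',
    '198.51.100.7 - - [10/May/2021:10:01:15 +0000] "GET /websvn/search.php?search=foo|bar HTTP/1.1" 200 298',
    '203.0.113.9 - - [10/May/2021:10:02:00 +0000] "GET /websvn/listing.php?search=a%3Bb HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string, so values sent in a POST body are not visible to this check.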
Q8. Is it fixed officially? (Patch/Mitigation)
**Fixed**: Yes. Upgrade to **WebSVN 2.6.1**. **Patch**: Pull request #142 merged into official repo. **Action**: Immediate update recommended.
Q9. What if no patch? (Workaround)
**Workaround**: If unpatchable, restrict access to `search.php` via WAF or firewall. **Block**: Filter shell metacharacters in input parameters. **Isolate**: Limit web server permissions to minimize damage.
Q10. Is it urgent? (Priority Suggestion)
**Priority**: **CRITICAL**. **Urgency**: High. RCE allows immediate takeover. **Time**: Patch immediately. No auth needed makes it easy to exploit.