Computer Security
[EN] securityvulns.ru




From: crackers_child_(at)_sibersavascilar.com <crackers_child_(at)_sibersavascilar.com>
Date: 17.08.2006
Subject: WikiWebWeaver 1.0 beta 2 Upload Shell Vulnerability

!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!
--------------------------------------------------------------------------------


Title : WikiWebWeaver 1.0 beta 2 Upload Shell Vulnerability

--------------------------------------------------------------------------------

#Author: Crackers_Child


#cont@ct: crackers_child@sibersavascilar.com

--------------------------------------------------------------------------------

Affected software description :
--------------------------------------------------------------------------------

Application :  WikiWebWeaver 1.0 beta 2

URL :  http://wikiwebweaver-devel.teuwen.org:8080/wiki/index.php?l=FR&display=QuoiDeNeuf_FR

--------------------------------------------------------------------------------

          
--------------------------------------------------------------------------------


Exploit:

The WikiWebWeaver 1.0 beta 2 script has an upload part, and you can upload only gif, jpeg lol :D

but you can upload gif.php or psd.php

http://www.site.com/wiki_path/index.php?upload

we upload a .gif.php or others, then our shell go

http://www.site.com/wiki_path/data/documents/ourshell.gif.php :)

you can test it

on http://www.digi-sight.com/wiki/index.php?upload
--------------------------------------------------------------------------------


greets:

X_ALPEREN_X,Root_MOr And All Other Friends

--------------------------------------------------------------------------------




--------------------------------- [ WWW.SiBERSAVASCiLAR.COM ] --------------------------------------
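
Added example, not part of the original advisory and not WikiWebWeaver's own code: one way an upload handler can close the double-extension gap described above, by accepting only a single allow-listed final extension, checking the leading bytes of the content, and storing the file under a server-generated name. The function name, the allow-list and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not WikiWebWeaver code: names and policy are assumptions.
const ALLOWED = [            // final extension => accepted leading bytes
    'gif'  => ["GIF87a", "GIF89a"],
    'jpg'  => ["\xFF\xD8\xFF"],
    'jpeg' => ["\xFF\xD8\xFF"],
];

// Returns a server-generated storage name, or null when the upload is rejected.
// $clientName: untrusted name from the browser; $head: first bytes of the content.
function safe_upload_name(string $clientName, string $head): ?string
{
    $base = basename(str_replace('\\', '/', $clientName));
    // Exactly one dot ("name.ext"): rejects x.gif.php, x.php.gif and dotfiles.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})$/D', $base, $m)) {
        return null;
    }
    $ext = strtolower($m[1]);
    if (!array_key_exists($ext, ALLOWED)) {
        return null;
    }
    // The signature only confirms the claimed type; it does not prove the
    // file is harmless, so the name rules above still matter.
    foreach (ALLOWED[$ext] as $magic) {
        if (strncmp($head, $magic, strlen($magic)) === 0) {
            // Never reuse the client-supplied name on disk.
            return bin2hex(random_bytes(16)) . '.' . $ext;
        }
    }
    return null;
}

// Constructed sample inputs (not taken from a real system).
$samples = [
    ['photo.gif',     "GIF89a\x01\x00"],
    ['shell.gif.php', "GIF89a<?php"],
    ['shell.php.gif', "GIF89a<?php"],
    ['notes.jpeg',    "<?php echo 1;"],
    ['pic.JPG',       "\xFF\xD8\xFF\xE0"],
];
foreach ($samples as [$name, $head]) {
    $stored = safe_upload_name($name, $head);
    printf("%-15s => %s\n", $name, $stored ?? 'REJECTED');
}
```

Name validation is one layer only: the upload directory (data/documents/ in the advisory) should also be configured so the web server never executes scripts from it.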


© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


