CVE-2011-4449

Related Files

WikkaWiki 1.3.2 Spam Logging PHP Injection

Posted May 11, 2012

Authored by EgiX, sinn3r | Site metasploit.com

This Metasploit module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection, this module does so by generating 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6). Please note that in order to use the injection, you must manually pick a page first that allows you to add a comment, and then set it as 'PAGE'.

tags | exploit, php

advisories | CVE-2011-4449, OSVDB-77391

SHA-256 | 979dd7941c1071466332c8564dba032aa510362e1fb22f874339cf269936c50e

Download | Favorite | View

WikkaWiki 1.3.2 Code Execution / Shell Upload / SQL Injection

Posted Nov 30, 2011

Authored by EgiX

WikkaWiki versions 1.3.2 and below suffers from remote SQL injection, unrestricted file upload, arbitrary file download, arbitrary file deletion, remote code execution and cross site request forgery vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, code execution, sql injection, file upload, csrf

advisories | CVE-2011-4448, CVE-2011-4449, CVE-2011-4450, CVE-2011-4451, CVE-2011-4452

SHA-256 | f5f16ff3f59901b3991fb94563c0b39bd9eee2fd825e6f8c81aec203ea470e7a

Download | Favorite | View