[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080408063635.31680.qmail@securityfocus.com>
Date: 8 Apr 2008 06:36:35 -0000
From: yeppy@...eply..org
To: bugtraq@...urityfocus.com
Subject: Re: Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility
"
vulnerability Path :
vuln code in [localhost]/wikepage/index.php
Sample Of vulnerabil Line : $ templatefile=$_GET['template']; (Line 586) And More .....
"
Fake advisory:
// load page content
function showpage($file) {
global $pagevars, $wiki_get, $langu;
// load file
$raw=implode("", file($file) );
// load menu
$raw2=implode("", file('data/'.$langu.'_menu.txt') );
// filter!
$image=$_GET['image'];
secure($image);
if ($image){
$raw="[".$image."]";
}
$content=filter( $raw ) . $content;
$menucontent=filter( $raw2 ) . $menucontent;
// load template
// Checks Query string for Template variable, and uses specified template or defaults to index.html
$templatefile=$_GET['template'];
if($templatefile=="")
$templatefile="index.html";
$template=implode( "", file('theme/'.$pagevars["theme"].'/'.$templatefile) );
$whole=str_replace("<!--wikicontent-->",$content,$template);
$whole=str_replace("<!--menucontent-->",$menucontent,$whole);
output( $whole, $file );
}
function editpage($file) {
Powered by blists - more mailing lists