Message-ID: <20080408063635.31680.qmail@securityfocus.com>
Date: 8 Apr 2008 06:36:35 -0000
From: yeppy@...eply..org
To: bugtraq@...urityfocus.com
Subject: Re: Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility

"
vulnerability Path :

vuln code in [localhost]/wikepage/index.php

Sample of vulnerable line: $templatefile=$_GET['template']; (Line 586) And more .....
"

Fake advisory:


// load page content
function showpage($file) {
	global $pagevars, $wiki_get, $langu;
	// load file
	$raw=implode("", file($file) );
	// load menu
	$raw2=implode("", file('data/'.$langu.'_menu.txt') );
	// filter!
	$image=$_GET['image'];
	secure($image);
	if ($image){
	$raw="[".$image."]";
	}
	$content=filter( $raw ) . $content;
	$menucontent=filter( $raw2 ) . $menucontent;
	// load template
	// Checks Query string for Template variable, and uses specified template or defaults to index.html
	$templatefile=$_GET['template'];
	if($templatefile=="")
		$templatefile="index.html";
	$template=implode( "", file('theme/'.$pagevars["theme"].'/'.$templatefile) );
	$whole=str_replace("<!--wikicontent-->",$content,$template);
	$whole=str_replace("<!--menucontent-->",$menucontent,$whole);
	output( $whole, $file );
}

function editpage($file) {
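
Added example, not part of the original message and not Wikepage's own code: the line under dispute builds a file path from the `template` query parameter, and the sketch below shows one way to resolve such a name so that the result always lies inside the theme directory. The function name `resolve_template`, the `.html` naming rule and the sample directory layout are assumptions made for illustration.

```php
<?php
// Hypothetical helper (not Wikepage code): map a request-supplied template
// name to a file inside $themeDir, falling back to index.html otherwise.
function resolve_template(string $themeDir, ?string $requested): string
{
    $default = 'index.html';
    $name = ($requested === null || $requested === '') ? $default : $requested;

    // Accept a bare file name only: no path separators, no NUL byte,
    // no leading dot, and it must end in .html (assumed naming rule).
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9_.-]*\.html\z/', $name)) {
        $name = $default;
    }

    $base = realpath($themeDir);
    if ($base === false) {
        throw new RuntimeException('theme directory not found');
    }
    $prefix = $base . DIRECTORY_SEPARATOR;

    // realpath() resolves ".." and symlinks and returns false for a missing
    // file, so the prefix comparison is made on the canonical path.
    $path = realpath($prefix . $name);
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        $path = realpath($prefix . $default);
        if ($path === false) {
            throw new RuntimeException('default template not found');
        }
    }
    return $path;
}

// Constructed sample layout in a temporary directory, so this runs offline.
$root = sys_get_temp_dir() . '/tpl_demo_' . bin2hex(random_bytes(4));
mkdir("$root/theme/default", 0700, true);
file_put_contents("$root/theme/default/index.html", '<!--wikicontent-->');
file_put_contents("$root/theme/default/print.html", '<!--wikicontent-->');
file_put_contents("$root/outside.txt", 'file outside the theme directory');

// Constructed inputs: empty, valid, relative path, embedded NUL, missing file.
$inputs = [null, 'print.html', '../../outside.txt', "index.html\0x", 'missing.html'];
foreach ($inputs as $t) {
    $resolved = resolve_template("$root/theme/default", $t);
    printf("%-24s => %s\n", json_encode($t), basename($resolved));
}
```

Only `print.html` and the default resolve to themselves; every other constructed input falls back to `index.html`.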
