7 matches found
TikiWiki <= 1.9 Sirius (jhot.php) Remote Command Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' -------------------------------------------------------------------------------- TikiWiki = 1.9 Sirius jhot.php remote commands execution exploit by rgod [email protected] site: http://retrogod.altervista.org dork:...
TikiWiki file upload vulnerability (jhot.php)
Added: 09/08/2006 CVE: CVE-2006-4602 BID: 19819 OSVDB: 28456 Background TikiWiki is a multi-purpose web content management system written in PHP. Problem The jhot.php script allows remote attackers to upload arbitrary PHP commands into the img/wiki directory. The commands can then be executed by...
TikiWiki file upload vulnerability (jhot.php)
Added: 09/08/2006 CVE: CVE-2006-4602 BID: 19819 OSVDB: 28456 Background TikiWiki is a multi-purpose web content management system written in PHP. Problem The jhot.php script allows remote attackers to upload arbitrary PHP commands into the img/wiki directory. The commands can then be executed by...
TikiWiki jhot.php Arbitrary File Upload
The 'jhot.php' script included with the version of TikiWiki installed on the remote host allows an unauthenticated attacker to upload arbitrary files to a known directory within the web server's document root. Provided PHP's 'fileuploads' setting is enabled, which is true by default, this flaw ca...
TikiWiki 1.9 Sirius - jhot.php Remote Command Execution
TikiWiki 1.9 Sirius - jhot.php Remote Command Execution !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++...
TikiWiki <= 1.9 Sirius (jhot.php) Remote Command Execution Exploit
Exploit for unknown platform in category web applications ================================================================== TikiWiki 126 $result.=" .";...
tikiwiki -- multiple vulnerabilities
Secunia reports: Thomas Pollet has discovered a vulnerability in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "highlight" parameter in tiki-searchindex.php is not properly sanitised before being returned to the user. This can be...