Bugtraq mailing list archives
Re: WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit
From: "Steven M. Christey" <coley () mitre org>
Date: Fri, 6 Oct 2006 14:05:11 -0400 (EDT)
There are some important errors in this post that appear to stem from incomplete editing of a previous advisory for an unrelated product, webnews (CVE-2006-5100). The subject line says 1.4, but the version referenced at the end of the post is 1.2.3, which is dated October 2, 2006; so there doesn't appear to be any 1.4. The subject line also mentions WN_BASEDIR, but the demonstration exploit uses includeDir instead. - Steve
Current thread:
- WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit xp1o (Oct 05)
- <Possible follow-ups>
- Re: WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit Steven M. Christey (Oct 06)