Bugtraq mailing list archives
Re: Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility
From: yeppy () noreply org
Date: 8 Apr 2008 06:36:35 -0000
" vulnerability Path :
vuln code in [localhost]/wikepage/index.php
Sample Of vulnerabil Line :
$ templatefile=$_GET['template']; (Line 586)
And More .....
"

Fake advisory:

// load page content
function showpage($file) {
    global $pagevars, $wiki_get, $langu;
    // load file
    $raw=implode("", file($file) );
    // load menu
    $raw2=implode("", file('data/'.$langu.'_menu.txt') );
    // filter!
    $image=$_GET['image'];
    secure($image);
    if ($image){
        $raw="[".$image."]";
    }
    $content=filter( $raw ) . $content;
    $menucontent=filter( $raw2 ) . $menucontent;
    // load template
    // Checks Query string for Template variable, and uses specified template or defaults to index.html
    $templatefile=$_GET['template'];
    if($templatefile=="") $templatefile="index.html";
    $template=implode( "", file('theme/'.$pagevars["theme"].'/'.$templatefile) );
    $whole=str_replace("<!--wikicontent-->",$content,$template);
    $whole=str_replace("<!--menucontent-->",$menucontent,$whole);
    output( $whole, $file );
}

function editpage($file) {
Current thread:
- Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility virangar_nml (Apr 07)
- <Possible follow-ups>
- Re: Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility yeppy (Apr 08)
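
Added example (not part of the post and not Wikepage's own code): the showpage() excerpt in the message above passes $_GET['template'] unchanged into file('theme/'.$pagevars["theme"].'/'.$templatefile), and the PHP below shows one way to confine that lookup to the theme directory. resolve_template() and the demo file names are hypothetical, and the theme directory is assumed to come from trusted configuration rather than from the request.

```php
<?php
// Added example, not Wikepage code. resolve_template() is a hypothetical helper.
// Assumption: $themeDir comes from trusted configuration, not from the request.

function resolve_template(string $themeDir, ?string $requested): string
{
    $default = 'index.html';   // same default as the excerpt
    $name = ($requested === null || $requested === '') ? $default : $requested;

    // 1. Syntactic check: a bare file name, no path separators, .html only.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.html\z/', $name)) {
        $name = $default;
    }

    // 2. Containment check: resolve symlinks, then require the result to sit
    //    directly under the resolved theme directory.
    $base = realpath($themeDir);
    if ($base === false) {
        throw new RuntimeException('theme directory not found');
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || !is_file($path)
        || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException('template not available');
    }
    return $path;
}

// Constructed demo tree in a temporary directory (all names are made up).
$root = sys_get_temp_dir() . '/tpl_demo_' . bin2hex(random_bytes(4));
mkdir("$root/theme/default", 0700, true);
file_put_contents("$root/theme/default/index.html", '<!--wikicontent-->');
file_put_contents("$root/theme/default/print.html", '<!--wikicontent-->');
file_put_contents("$root/notes.txt", 'outside the theme directory');

// Constructed inputs: a valid name, an empty value, and two names that fail step 1.
foreach (['print.html', '', '../../notes.txt', 'print.html/'] as $input) {
    $resolved = resolve_template("$root/theme/default", $input);
    echo var_export($input, true), ' => ', basename($resolved), PHP_EOL;
}
```

Names that fail the first check fall back to index.html here; a stricter deployment could return an error response instead of silently substituting the default.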