header-logo
Suggest Exploit
vendor:
LionWiki
by:
ayastar
8,8
CVSS
HIGH
Remote File Upload
434
CWE
Product Name: LionWiki
Affected Version From: 3.X
Affected Version To: 3.X
Patch Exists: No
Related CWE: Yes
CPE: a:lionwiki:lionwiki
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu 9.10
2010

LionWiki 3.X (index.php) upload shell

This exploit allows an attacker to upload a malicious shell code to the vulnerable LionWiki 3.X application. The attacker can use the dork 'powered by LionWiki' to find vulnerable websites and then use the URL http://victim/path/index.php?action=upload or http://victim.com/path/?action=upload to upload the malicious shell code. However, if the admin has created a password, the attacker will not be able to upload the shell code.

Mitigation:

The admin should create a strong password to prevent attackers from uploading malicious shell code.
Source

Exploit-DB raw data:

# Exploit Title: LionWiki 3.X (index.php) upload shell
# Date: monday 05 april 2010
# Author: ayastar
# Software Link: http://lionwiki.0o.cz
# Version: 3.X
# Tested on: ubuntu 9.10 (english )
# CVE : [yes]
# Code : [exploit code]

hi brother's and all muslims
this is my first bug :)

dork : "powered by LionWiki "

exploit :

http://victim/path/index.php?action=upload
http://victim.com/path/?action=upload


ah (note)" you can't upload you're shell code if admin create password "

contacte my in
dmx-ayastar@hotmail.fr


cretz for alah and  all muslims and all hacker and all tryagian ( ayastar) :)

Navigation

Suggest Exploit

Services By CQR