WikkiTikkiTavi

vendor:

WikkiTikkiTavi

by:

ByALBAYX

9.3

CVSS

HIGH

Remote File Upload Vulnerability

434

CWE

Product Name: WikkiTikkiTavi

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

WikkiTikkiTavi is vulnerable to a remote file upload vulnerability. An attacker can upload a malicious file to the server without authentication. This can be exploited to execute arbitrary code on the server.

Mitigation:

Restrict access to the upload.php file and ensure that the uploaded files are validated before being stored on the server.

Source

Exploit-DB raw data:

#############################################
#----C4TEAM.ORG---ByALBAYX----C4TEAM.ORG----#
#############################################
[~]Author   : ByALBAYX

[~]Website  : WWW.C4TEAM.ORG
#############################################
[~]Script   :WikkiTikkiTavi 

[~]Site     :http://tavi.sourceforge.net
#############################################
[~]http://c4team.org/ [tavi_PATH] /upload.php


[~]http://c4team.org/ [tavi_PATH] img/[ shell.php ]



[~]Demo:



[~]http://skylined.org/change/tavi/upload.php


[~]http://skylined.org/change/tavi/img/albayx.php

#############################################
[~]ÃÃ¾inize BaqÃ½n :=)

[~]Greetz For  

[~]Mrabah12R & Kralman & K3vin Mitnick & web-terrorist & SpotGang & Belarus & Tajik
#############################################
Derdimi dinledim, derdimden iGRENDiM...
Onun derdini gordum, derdime iMRENDiM...
FilistiN
----------

# milw0rm.com [2009-02-06]