LabWiki - exploit.company
vendor: LabWiki
by: muuratsalo (Revshell.com)
CVSS: 5.5 (MEDIUM)
CWE: Multiple Vulnerabilities
Product Name: LabWiki
Affected Version From: All versions up to and including 1.1
Affected Version To: 1.1
Patch Exists: NO
Platforms Tested:
2011

LabWiki <= 1.1 Multiple Vulnerabilities

LabWiki <= 1.1 is affected by multiple vulnerabilities, including a shell upload vulnerability and multiple cross-site scripting vulnerabilities. The shell upload vulnerability allows an attacker to upload a malicious file disguised as an image. The cross-site scripting vulnerabilities allow an attacker to inject and execute arbitrary scripts on the LabWiki web pages.

Mitigation:

Update to a patched version of LabWiki or apply relevant security patches. Restrict access to the edit.php script if necessary.
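
With no patch listed, one practical check is to audit what the upload directory already holds. The script below is an added example, not LabWiki or Exploit-DB code: it flags names like `shell.php.gif` that carry an executable extension in any dot-separated segment, and files whose leading bytes do not match their image extension. The extension lists and sample files are assumptions constructed for illustration.

```python
import os

# Assumed lists; match them to the handlers your web server actually maps.
EXEC_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl"}
IMAGE_MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",), "jpeg": (b"\xff\xd8\xff",),
}
# Constructed sample uploads (name -> bytes), not taken from a real system.
SAMPLES = {
    "logo.gif": b"GIF89a" + b"\x00" * 16,
    "shell.php.gif": b"GIF89a<?php /* placeholder */ ?>",
}


def audit_file(name, data):
    """Return findings for one uploaded file; an empty list means clean."""
    findings = []
    parts = name.lower().split(".")
    # Any segment after the base name counts, so 'x.php.gif' is suspect.
    inner = [p for p in parts[1:] if p in EXEC_EXTS]
    if inner:
        findings.append("executable extension segment: " + ",".join(inner))
    magic = IMAGE_MAGIC.get(parts[-1])
    if magic is None:
        findings.append("final extension is not an allowed image type")
    elif not data.startswith(magic):
        findings.append("content does not match image extension")
    if b"<?php" in data.lower():  # full open tag only; short tags not covered
        findings.append("embedded PHP open tag")
    return findings


def audit_dir(root):
    """Walk an upload directory and map relative path -> findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                found = audit_file(fn, fh.read())
            if found:
                report[os.path.relpath(path, root)] = found
    return report


if __name__ == "__main__":
    print({n: audit_file(n, d) for n, d in SAMPLES.items()})
```

The same three checks (no executable segment anywhere in the name, allowlisted final extension, content matching that extension) apply at upload time, together with storing files under a server-generated name.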

Exploit-DB raw data:

------------------------------------------------------------------------
LabWiki <= 1.1 Multiple Vulnerabilities
------------------------------------------------------------------------
     
author............: muuratsalo (Revshell.com)
contact...........: muuratsalo[at]gmail[dot]com
download..........: http://www.bioinformatics.org/phplabware/labwiki/index.php
    
     
[0x01] Vulnerability overview:

All versions of LabWiki <= 1.1 are affected by multiple vulnerabilities.

     
[0x02] Disclosure timeline:
     
[08/11/2011] - Multiple vulnerabilities discovered and reported to the vendor.
[08/11/2011] - The vendor confirmed the vulnerabilities and is working on fixing the reported issues.
[09/11/2011] - Public Disclosure


[0x03] Vulnerabilities:

-- Shell Upload Vulnerability --
The upload script /edit.php improperly checks the filetype of uploaded images.
A 'shell.php.gif' is accepted.  /* -- note that access to edit.php could be restricted -- */

-- Multiple Cross Site Scripting Vulnerabilities --
http://localhost/LabWiki/index.php?from="></><script>alert('muuratsalo')</script>&help=true&page=What_is_wiki
http://localhost/LabWiki/recentchanges.php?nothing=nothing&page_no="></><script>alert('muuratsalo')</script>