<<< Date Index >>>     <<< Thread Index >>>

Re: Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility



"
vulnerability Path :

vuln code in [localhost]/wikepage/index.php

Sample Of vulnerabil Line : $ templatefile=$_GET['template']; (Line 586) And 
More .....
"

Fake advisory:


// load page content
function showpage($file) {
        global $pagevars, $wiki_get, $langu;
        // load file
        $raw=implode("", file($file) );
        // load menu
        $raw2=implode("", file('data/'.$langu.'_menu.txt') );
        // filter!
        $image=$_GET['image'];
        secure($image);
        if ($image){
        $raw="[".$image."]";
        }
        $content=filter( $raw ) . $content;
        $menucontent=filter( $raw2 ) . $menucontent;
        // load template
        // Checks Query string for Template variable, and uses specified 
template or defaults to index.html
        $templatefile=$_GET['template'];
        if($templatefile=="")
                $templatefile="index.html";
        $template=implode( "", 
file('theme/'.$pagevars["theme"].'/'.$templatefile) );
        $whole=str_replace("<!--wikicontent-->",$content,$template);
        $whole=str_replace("<!--menucontent-->",$menucontent,$whole);
        output( $whole, $file );
}

function editpage($file) {