Re: Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility
"
vulnerability Path :
vuln code in [localhost]/wikepage/index.php
Sample Of vulnerabil Line : $ templatefile=$_GET['template']; (Line 586) And
More .....
"
Fake advisory:
// load page content
function showpage($file) {
global $pagevars, $wiki_get, $langu;
// load file
$raw=implode("", file($file) );
// load menu
$raw2=implode("", file('data/'.$langu.'_menu.txt') );
// filter!
$image=$_GET['image'];
secure($image);
if ($image){
$raw="[".$image."]";
}
$content=filter( $raw ) . $content;
$menucontent=filter( $raw2 ) . $menucontent;
// load template
// Checks Query string for Template variable, and uses specified
template or defaults to index.html
$templatefile=$_GET['template'];
if($templatefile=="")
$templatefile="index.html";
$template=implode( "",
file('theme/'.$pagevars["theme"].'/'.$templatefile) );
$whole=str_replace("<!--wikicontent-->",$content,$template);
$whole=str_replace("<!--menucontent-->",$menucontent,$whole);
output( $whole, $file );
}
function editpage($file) {