Portili Personal and Team Wiki 1.14 – Multiple Vulnerabilities (2)

Exploit Database
81 阅读

作者： Abysssec

日期： 2010-10-04
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34377/

source: https://www.securityfocus.com/bid/41973/info

Portili Personal and Team Wiki are prone to multiple security vulnerabilities. These vulnerabilities include a cross-site scripting vulnerability, an arbitrary-file-upload vulnerability, and multiple information-disclosure vulnerabilities.

Attackers can exploit these issues to obtain sensitive information, steal cookie-based authentication information, upload arbitrary files to the affected computer, and execute arbitrary script code in the context of the browser.

Personal Wiki 1.14 and Team Wiki 1.14 are vulnerable; other versions may also be affected. 

http://www.example.com/ajaxfilemanager/ajaxfilemanager.php?path=../uploads/&view=1<script>alert("abysssec")</script>

last Exploits
Portili Personal and Team Wiki 1.14 – Multiple Vulnerabilities (2)的更多信息

PHP City Portal Script Software – SQL Injection：
WordPress Plugin Premium Gallery Manager – Arbitrary File Upload：
Easysitenetwork Jokes Complete Website – ‘id’ Cross-Site Scripting：
kitForm CRM Extension 0.43 – ‘sorter.ph?sorter_value’ SQL Injection：
Simple Online Hotel Reservation System – Cross-Site Request Forgery (Delete Admin)：
Credit Lite 1.5.4 – SQL Injection：
68kb 68KB Base 1.0.0rc3 – Cross-Site Request Forgery (Admin)：
Elber Wayber Analog/Digital Audio STL 4.00 – Authentication Bypass：