[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility



"
vulnerability Path :

vuln code in [localhost]/wikepage/index.php

Sample Of vulnerabil Line : $ templatefile=$_GET['template']; (Line 586) And More .....
"

Fake advisory:


// load page content
function showpage($file) {
	global $pagevars, $wiki_get, $langu;
	// load file
	$raw=implode("", file($file) );
	// load menu
	$raw2=implode("", file('data/'.$langu.'_menu.txt') );
	// filter!
	$image=$_GET['image'];
	secure($image);
	if ($image){
	$raw="[".$image."]";
	}
	$content=filter( $raw ) . $content;
	$menucontent=filter( $raw2 ) . $menucontent;
	// load template
	// Checks Query string for Template variable, and uses specified template or defaults to index.html
	$templatefile=$_GET['template'];
	if($templatefile=="")
		$templatefile="index.html";
	$template=implode( "", file('theme/'.$pagevars["theme"].'/'.$templatefile) );
	$whole=str_replace("<!--wikicontent-->",$content,$template);
	$whole=str_replace("<!--menucontent-->",$menucontent,$whole);
	output( $whole, $file );
}

function editpage($file) {