TUCoPS :: Web :: Wiki, Collaborationware :: b06-5656.htm

Speedwiki 2.0 Arbitrary File Upload Vulnerability
Speedwiki 2.0 Arbitrary File Upload Vulnerability
Speedwiki 2.0 Arbitrary File Upload Vulnerability



product :Speedwiki 2.0 
vendor site: http://speedywiki.sourceforge.net/ 
risk:critical

 
a user logged in , can upload a PHP script on the server , by the upload script , there's actually no upload filter on this cms 
path : /speedywiki/index.php?upload=1

xss get :
/index.php?showRevisions='">




full path disclosure : 
/speedywiki/index.php?showRevisions[]/speedywiki/index.php?searchText[]/speedywiki/upload.php

laurent gaffi=E9 & benjamin moss=E9
http://s-a-p.ca/ 
contact: saps.audit@gmail.com 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH