Multiple Vulnerabilities in WikiDocs 0.1.18 #28
Comments
hi @nam3lum, thanks for the reports. I will provide as soon as possible ..

In version 0.1.20 I tried to fix the shell bug. Can you check if you can still hack it?

Ok, can you try now please.. :) v0.1.21

Parameter for enable and disable debug mode for Information Disclosure Vulnerability. v0.2.1

fixed in refactored, release version up to 0.5.0

CVE-2022-23376 / Multiple reflected XSS vulnerabilities on different pages.
1. (Template.inc.php) - Reflected XSS Injection
First vulnerability in line 47:


Second is in line 210:
XSS directly using url: https://www.wikidocs.it/?search=%3Csvg/onload=%27alert(%22XSS%22);%27%3E
2. (Submit.php) - Reflected XSS Injection
Vulnerability in line 31:

XSS directly using url: https://www.wikidocs.it/submit.php?act=%22});%3C/script%3E%3Csvg/onload=%27alert(%22XSS%22);%27%3E
3. (Index.php) - Reflected XSS Injection:
CVE-2022-23375 / Authenticated remote code execution vulnerability
(Index.php) - Image upload, Authenticated Remote Code Execution:
First, log in to the website and click the edit button at the top right:


Before the upload process, we have to create a malicious payload image:
name: shell.php.png
payload:
After that, you have to click the image button on top and upload the image:





Select the malicious file and click upload:
In the upload process, change the file extension to PHP in the POST request:
Then the browser automatically sends another request to the malicious file:
Just browse it and try to execute some commands:
Information Disclosure Vulnerability (I did not reserve CVE for this one)
(Functions.inc.php) - Debug mode can be enabled:
Vulnerable lines are between 15-18:


You can get sensitive information using debug mode:
I hope you will close these vulnerabilities ASAP.
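
For the upload issue reported above, a sketch of a server-side check that ignores the client-supplied file name and extension entirely. This is an added example, not part of the original report and not WikiDocs code; `stored_image_name()`, the allowlist and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Allowlist: detected MIME type => extension the server assigns.
const ALLOWED_IMAGE_TYPES = [
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
];

/**
 * Hypothetical helper. Returns a server-generated name for an uploaded
 * image, or null when the content is not an allowed image type.
 * Nothing from the request (file name, extension, Content-Type) is used.
 */
function stored_image_name(string $tmpPath): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    $ext  = is_string($mime) ? (ALLOWED_IMAGE_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        return null;                       // content is not an allowed image
    }
    if (@getimagesize($tmpPath) === false) {
        return null;                       // magic bytes matched, header did not parse
    }
    // Random name plus an allowlisted extension: even an image with code
    // embedded in it is never stored under a .php name.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed samples: a 1x1 PNG and a text file posing as "shell.php.png".
$png = base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
);
$cases = [
    'picture.png'   => $png,
    'shell.php.png' => "plain text, not an image\n",
];

foreach ($cases as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $name = stored_image_name($tmp);
    echo $clientName, ' => ', $name ?? 'rejected', PHP_EOL;
    unlink($tmp);
}
```

In a real handler the returned name would be the destination passed to `move_uploaded_file()`, and the upload directory should be configured so the web server never executes scripts from it.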