Tiki Wiki <= 8.3 unserialize() PHP Code Execution

Module: https://packetstormsecurity.com/files/114526/tikiwiki_unserialize_exec.rb.txt
Entry: https://packetstormsecurity.com/files/114526/Tiki-Wiki-8.3-unserialize-PHP-Code-Execution.html
Posted: Fri, 06 Jul 2012 23:16:01 GMT

This Metasploit module exploits a PHP unserialize() vulnerability in Tiki Wiki <= 8.3 which could be abused to allow unauthenticated users to execute arbitrary code in the context of the web server user. The dangerous unserialize() call is in the 'tiki-print_multi_pages.php' script, which is invoked with user-controlled data from the 'printpages' parameter. The exploit abuses the __destruct() method of the Zend_Pdf_ElementFactory_Proxy class to write arbitrary PHP code to a file in the Tiki Wiki web directory. Three conditions must be satisfied for it to run successfully: (1) the display_errors PHP setting must be On, so that the filesystem path of Tiki Wiki is disclosed; (2) the Tiki Wiki Multiprint feature must be enabled, so that the unserialize() call is reachable; and (3) a PHP version older than 5.3.4 must be in use, so that poison null bytes are accepted by filesystem-related functions. The exploit has been tested successfully on Ubuntu 9.10 with Tiki Wiki 8.3.
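As an added illustration, not code from the Packet Storm entry or from Tiki Wiki itself, the request-handling pattern the description warns about is shown beside a hardened replacement; the function names, and the assumption that 'printpages' carries a list of page ids, are mine.

```php
<?php
// Added example, not Tiki Wiki code. The unsafe shape: request data is
// handed straight to unserialize(), so the sender picks which classes are
// instantiated and their __wakeup()/__destruct() run as the web server user.
function unsafe_printpages_handler(string $printpages)
{
    return unserialize($printpages);
}

// Hardened version: page ids are plain data, so decode them as JSON and
// validate each value. No object graph is ever rebuilt from the request.
function safe_printpages_handler(string $printpages): array
{
    $decoded = json_decode($printpages, true);
    if (!is_array($decoded)) {
        return [];
    }
    $ids = [];
    foreach ($decoded as $id) {
        if (is_int($id) && $id > 0) {
            $ids[] = $id;
        }
    }
    return $ids;
}

// If unserialize() cannot be removed, refuse objects outright (PHP >= 7.0):
// any class in the payload becomes __PHP_Incomplete_Class and no magic
// methods fire. This mitigation was not available on the PHP 5.3 builds
// the module targets, which is why input replacement is the real fix.
function unserialize_data_only(string $data)
{
    return unserialize($data, ['allowed_classes' => false]);
}

// Precondition (1) of the exploit is a configuration issue: keep error
// output off in production so filesystem paths are never echoed to clients.
ini_set('display_errors', '0');
```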
