Tiki Wiki 15.1 - Unauthenticated File Upload (metasploit)


SUBMITTED BY: sahertian

DATE: July 14, 2016, 8:39 a.m.

UPDATED: July 14, 2016, 8:39 a.m.

FORMAT: Text only

SIZE: 890 Bytes

HITS: 701

  1. Tiki is the Free / Libre / Open Source Web Application Platform with the most built-in features. Whatever feature you can imagine running in a browser window, chances are Tiki does it.
  2. The Tiki Community has released updates to all current versions of Tiki Wiki CMS Groupware. This update addresses a critical vulnerability found in third-party code that is included with Tiki. The update also includes many fixes and updates.
  3. We highly encourage all Tiki administrators to update their sites to the latest Tiki versions: Tiki 15.2, Tiki 14.4, and Tiki 12.9 LTS.
  4. But many Tiki sites are still vulnerable..
  5. [*] Started reverse TCP handler on 192.168.0.142:4444
  6. [*] Uploading backdoor file: AVSabRQBpCj.php
  7. [+] Backdoor successfully created.
  8. [*] Trigging the exploit...
  9. If you use Tiki please update ASAP.
  10. Here is the download link for updating Tiki http://goo.gl/gOfXvD

comments powered by Disqus