This exploit demonstrates a path traversal vulnerability in YESWIKI 0.2 by manipulating the 'template' parameter in a GET request to access arbitrary files on the server. The provided HTML form automates the exploitation by submitting a crafted request to retrieve '/etc/passwd'.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:YESWIKI 0.2
No auth needed
Prerequisites:Target server running YESWIKI 0.2 · Network access to the vulnerable endpoint