tag:blogger.com,1999:blog-7699735801453301458.post876924782210242119..comments2023-04-16T05:05:13.089-07:00Comments on Solution X: Whizzy CMS 10.01 0-dayAAhttp://www.blogger.com/profile/00951225052408238640noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-7699735801453301458.post-23783501586748377352010-07-22T06:17:55.026-07:002010-07-22T06:17:55.026-07:00Sorry but your wrong jack :P You do not have to be...Sorry but your wrong jack :P You do not have to be logged in to exploit the lfi, i know cuz i found it and tested it out lots before reporting it. And no shit its fixed dumb ass, after their domain got owned im sure they did everything they could to fix it lolAAhttps://www.blogger.com/profile/00951225052408238640noreply@blogger.comtag:blogger.com,1999:blog-7699735801453301458.post-90274550368330120022010-07-22T05:19:32.335-07:002010-07-22T05:19:32.335-07:00First, the example given was wrong - you had to be...First, the example given was wrong - you had to be logged in as an admin user and provide some other stuff in the query string to see the exploit.<br /><br />Second, this vulnerability is fixed by upgrading to Whizzy CMS 10.02 (or above), available from http://code.google.com/p/whizzy/Anonymoushttps://www.blogger.com/profile/04247692127564068191noreply@blogger.comtag:blogger.com,1999:blog-7699735801453301458.post-2964338834741453562010-07-15T11:05:20.427-07:002010-07-15T11:05:20.427-07:00http://inj3ct0r.com/exploits/13344 :)http://inj3ct0r.com/exploits/13344 :)AAhttps://www.blogger.com/profile/00951225052408238640noreply@blogger.comtag:blogger.com,1999:blog-7699735801453301458.post-54312835604289157122010-07-15T08:21:52.009-07:002010-07-15T08:21:52.009-07:00http://www.exploit-db.com/exploits/14366/ :Dhttp://www.exploit-db.com/exploits/14366/ :DAAhttps://www.blogger.com/profile/00951225052408238640noreply@blogger.com