tiki wiki file upload

All posts tagged tiki wiki file upload

Hello aspiring hackers. Today we will see an exploit in Tiki Wiki CMS Groupware version <=15.1. Tiki Wiki CMS Groupware or simply Tiki, originally known as TikiWiki, is a free and open source Wiki-based content management system and online office suite.  It contains a number of collaboration features allowing it to operate as a Groupware. Groupware is an application software designed to help people involved in a common task to achieve their goals.

This exploit takes advantage of a file upload vulnerability in one of the 3rd party components, ELFinder 2.0. This component comes with default example page which demonstrates file operations such as upload, remove, rename, create directory etc. Default configuration does not force validations such as file extension, content-type etc. Thus, unauthenticated user can upload a PHP file.

Start Metasploit and load the exploit as shown below. Type command “show options” to see the options required to run this exploit.

tiki1

Set the target as shown below and check if it is vulnerable using “check“command.

tiki2

Type command “show payloads” to see the payloads we can set to this exploit. Set the payload as I have set below.

tiki3

Check the options once again after setting the payload. They should look like below.

tiki4

Let’s run this exploit by typing command “run”. We can see that we successfully got the meterpreter shell on the target as shown below.

tiki5