Don't Give The LionWiki Vulnerability A Chance To Roar At Your Computer

News

Contributed by: Lauren Gerber
Date: July 14, 2009

	1 Vote 0	Don't Give The LionWiki Vulnerability A Chance To Roar At Your Computer

Did you know that if unscrupulous users can get inside your computer, then they are also able to get into your life? This is the harsh reality of one of the disadvantages of computers, networks and the internet. If a computer security vulnerability exists, this is exactly the opportunity that an online attacker requires in order to access your computer and perform whatever activities their hearts desire. A new vulnerability has recently been reported in LionWiki, which runs high risks of being exploited by malicious online attackers in order to access the confidential and sensitive information of victims.

LionWiki is actually a small Wiki engine that has been programmed using the programming language PHP. It is file based and only needs one file to actually work in the correct manner. It is geared for personal notebooks, online journals as well as small sized websites. It is compatible with both UNIX and Windows operating systems, including Windows 2000 which contains but is not limited to these files: 15_16wdm.sys, a1base.sys, axprf.ocx, bhp001.dll, BROTHER.INF as well as jetpack.exe.

The vulnerability in LionWiki has occurred due to input that is passed from the "page" parameter in index.php, which is not adequately validated and confirmed prior to being used to read files. This issue may be exploited by malicious attackers in order to access local arbitrary files, via directory traversal attacks as well as URL-encoded NULL-bytes.

In order for this WikiLion vulnerability to be exploited successfully, it will first need the "magic_quotes_gpc" to be disabled. Right now you may be wondering, what version has this vulnerability been confirmed in? This vulnerability has been confirmed in version 3.0.3. This is not the only version that has been affected; the chances are actually substantially high that other versions have also been affected.

This vulnerability has been rated as moderately critical. Now for the answer to the final question that I know you are wondering, what is the solution to this vulnerability? The main solution with regards to this vulnerability is for users to go as far as editing the source code in order to ensure that the input is sufficiently proved. I would like to quote in conclusion:"When I took office, only high energy physicists had ever heard of what is called the Worldwide Web.... Now even my cat has its own page."Bill Clinton

Resources:
Sign up to the LionWiki forum here.
The original advisory.
Some info about LionWiki.
The LionWiki vulnerability.

User Comments

tarsan July 23, 2009

There's a new version for all release series which fixes the problem: lionwiki.0o.cz

Featured Videos

Optimize Startup

From: PC1News Videos

Added: November 11, 2008

Software Downloads

SpyHunter V.4

Free Spyhunter Scanner (Spyware/Trojan Detection). DETECT Spyware, Trojans, Worms, Viruses and malware on your PC absolutely FREE.

Download now

Registry Mechanic 8

Award Winning software, Fixes registry and improves computer performance. Created by a division of Symantec, this tool will scan your registry and find errors that can be later cleaned either individually or all together.

Download now

SpywareBlaster 4.1

The tool is used to prevent the installation of spyware and other potentially unwanted software. As soon as you download it, you will be able to protect your system.

Download now