{"id":62579,"date":"2025-04-08T19:43:52","date_gmt":"2025-04-08T16:13:52","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/yeswiki-4-5-1-unauthenticated-path-traversal\/"},"modified":"2025-04-08T19:43:52","modified_gmt":"2025-04-08T16:13:52","slug":"yeswiki-4-5-1-unauthenticated-path-traversal","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/yeswiki-4-5-1-unauthenticated-path-traversal\/","title":{"rendered":"YesWiki 4.5.1 &#8211; Unauthenticated Path Traversal"},"content":{"rendered":"<p><\/p>\n<div>\n<pre><code class=\"language-txt\" style=\"white-space: pre-wrap;\"># Exploit Title: YesWiki  [file_to_read]\")&#13;\n        print(f\"Example: python3 {sys.argv[0]} http:\/\/victim.com&#13;\n\/etc\/passwd\")&#13;\n        sys.exit(1)&#13;\n&#13;\n    target_url = sys.argv[1]&#13;\n    file_to_read = sys.argv[2] if len(sys.argv) &gt; 2 else \"\/etc\/passwd\"&#13;\n    exploit(target_url, file_to_read)\n            <\/code><\/pre>\n<\/p><\/div>\n<p><a href=\"https:\/\/afaghhosting.net]\">\u0622\u0641\u0627\u0642 \u0647\u0627\u0633\u062a\u06cc\u0646\u06af \u0645\u062f\u06cc\u0631\u06cc\u062a \u0633\u0631\u0648\u0631 \u0645\u0634\u0627\u0648\u0631 \u0648 \u067e\u0634\u062a\u06cc\u0628\u0627\u0646 \u0641\u0646\u06cc <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: YesWiki [file_to_read]&#8221;)&#13; print(f&#8221;Example: python3 {sys.argv[0]} http:\/\/victim.com&#13; \/etc\/passwd&#8221;)&#13; sys.exit(1)&#13; &#13; target_url = sys.argv[1]&#13; file_to_read = sys.argv[2] if len(sys.argv) &gt; 2 else &#8220;\/etc\/passwd&#8221;&#13; exploit(target_url, file_to_read) \u0622\u0641\u0627\u0642 \u0647\u0627\u0633\u062a\u06cc\u0646\u06af \u0645\u062f\u06cc\u0631\u06cc\u062a \u0633\u0631\u0648\u0631 \u0645\u0634\u0627\u0648\u0631 \u0648 \u067e\u0634\u062a\u06cc\u0628\u0627\u0646 \u0641\u0646\u06cc<\/p>\n","protected":false},"author":1,"featured_media":62562,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-62579","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/62579","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=62579"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/62579\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media\/62562"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=62579"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=62579"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=62579"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}