updated check and docs that 14.2 may not be vuln
@@ -4,6 +4,18 @@
|
||||
Exploit-db: [edb](https://www.exploit-db.com/apps/2fa84367ba4f14afab9f51cd3e93606d-tiki-14.2.7z)
|
||||
Archived Copy: [github](https://github.com/h00die/MSF-Testing-Scripts)
|
||||
|
||||
Of note, there is some discussion if 14.2 is vuln or not.
|
||||
```
|
||||
1. Exploit-DB says in the title (may be wrong) 14.2 is vuln.
|
||||
2. The linked app Exploit-DB has is 14.2.
|
||||
3. Its verified on Exploit-DB.
|
||||
```
|
||||
vs
|
||||
```
|
||||
1. Manual print statement testing from the PoC on 14.2 doesn't seem to be vuln
|
||||
2. The [notice](https://tiki.org/article414-Important-Security-Fix-for-all-versions-of-Tiki) seems to say 14.2 is the update that fixes the problem
|
||||
```
|
||||
|
||||
### Creating A Testing Environment
|
||||
|
||||
1. Create a fresh Ubuntu 16.04 w/ a LAMP install
|
||||
|
||||
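Review bot: The [notice] link in item 2 of the second list sits inside a code fence, so it will render as literal bracket-and-URL text instead of a clickable link; both lists read as ordinary numbered lists, so drop the fences around them or move the URL out of the fenced block. In the first list, "Its verified on Exploit-DB" should be "It's verified on Exploit-DB". The commit message says the check was updated as well, but the documentation text only says there is "some discussion" about 14.2; add one sentence stating what the module's check now reports against a 14.2 target so a reader knows how to interpret that result.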