JD Wiki For Joomla Multiple Remote File Include Vulnerabilities
BID:24342
Info
JD Wiki For Joomla Multiple Remote File Include Vulnerabilities
| Bugtraq ID: | 24342 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-3130 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 06 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | DarkbiteX is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Joomla JD-Wiki 1.0.2 |
| Not Vulnerable: |
Joomla JD-Wiki 1.0.3 |
Discussion
JD Wiki For Joomla Multiple Remote File Include Vulnerabilities
JD-Wiki is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
JD-Wiki 1.0.2 and earlier versions are vulnerable to this issue; other versions may also be affected.
JD-Wiki is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these issues to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
JD-Wiki 1.0.2 and earlier versions are vulnerable to this issue; other versions may also be affected.
Exploit / POC
JD Wiki For Joomla Multiple Remote File Include Vulnerabilities
Attackers can use a browser to exploit these issues.
The following proof-of-concept URIs are available:
http://www.example.com/components/com_jd-wiki/bin/dwpage.php?mosConfig_absolute_path=
http://www.example.com/components/com_jd-wiki/bin/wantedpages.php?mosConfig_absolute_path=
Attackers can use a browser to exploit these issues.
The following proof-of-concept URIs are available:
http://www.example.com/components/com_jd-wiki/bin/dwpage.php?mosConfig_absolute_path=
http://www.example.com/components/com_jd-wiki/bin/wantedpages.php?mosConfig_absolute_path=
Solution / Fix
JD Wiki For Joomla Multiple Remote File Include Vulnerabilities
Solution:
The vendor has released JD-Wiki 1.0.3 to address these issues; please contact the vendor for details on obtaining fixes and upgrades. See the references for details.
Solution:
The vendor has released JD-Wiki 1.0.3 to address these issues; please contact the vendor for details on obtaining fixes and upgrades. See the references for details.
References
JD Wiki For Joomla Multiple Remote File Include Vulnerabilities
References:
References:
- JD-Wiki Home Page (Joomla Developing)
- Joomla! Help Site - JD-Wiki (Joomla!)