CVE-2008-4624

Fast Click SQL Lite 1.1.7 - Remote Code Execution via CFG[CDIR] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4624. PoCs published by NoGe.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Fast CLick SQL Lite 1.1.7. The vulnerable file 'common/init.php' allows an attacker to include arbitrary remote files via the 'CFG[CDIR]' parameter.

Description

PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by NoGe · textwebappsphp

https://www.exploit-db.com/exploits/6785

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Fast CLick SQL Lite 1.1.7. The vulnerable file 'common/init.php' allows an attacker to include arbitrary remote files via the 'CFG[CDIR]' parameter.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Fast CLick SQL Lite 1.1.7

No auth needed

Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to reach the target server

MITRE ATT&CK