[VIM] uncertain: FCMS (Family Connections) code execution

Steven M. Christey coley at mitre.org
Tue Aug 14 23:30:19 UTC 2007

Researcher: ilker kandemir

Ref: CVE-2007-4338

   BUGTRAQ FCMS (Family Connections) <= 0.1.1 Remote Command Execution
   Exploit // www.MefistoLabs.com


There's a dispute here:


that points to an "original exploit" for an entirely different product
at http://www.milw0rm.com/exploits/4145, so maybe the dispute is about
copying someone else's exploit without credit.

Looking at the source code for index.php in version 0.6, we have:

	if (isset($_COOKIE['fcms_login_id'])) {
		$_SESSION['login_id'] = $_COOKIE['fcms_login_id'];
	}

but, except for a mysql_query() that might have an SQL injection, the
code only does a meta-refresh to home.php.

There isn't any other code in index.php; the rest are function

Now, I don't know how PHP saves and passes session information back to
the user across requests, but maybe this meta-refresh is enough for
deeper access?

Any ideas?

- Steve
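To make the question above concrete: PHP's session_start() reads the PHPSESSID cookie, loads that session's serialized data from server-side storage into $_SESSION, and writes it back at the end of the request, so a value written to $_SESSION['login_id'] in index.php is visible to home.php on the very next request. The following is an added illustration, not FCMS code and not the original exploit: it models the quoted index.php pattern (an unauthenticated cookie value copied straight into the session) beside a hardened variant that only honours the cookie when it carries an HMAC under a server-side secret and names a known user. The user table, the secret and the "id.mac" cookie format are assumptions for the example.

```php
<?php
// Added illustration, not FCMS code. Models the index.php pattern quoted above:
// a value taken straight from a cookie is written into $_SESSION, and a later
// page (home.php-style) trusts $_SESSION['login_id'] as the authenticated user.
declare(strict_types=1);

// Vulnerable pattern: whatever the client sends as fcms_login_id becomes the
// session's login_id, with no credential check at all.
function loginFromCookieUnsafe(array $cookie, array $session): array
{
    if (isset($cookie['fcms_login_id'])) {
        $session['login_id'] = $cookie['fcms_login_id'];
    }
    return $session;
}

// Hardened pattern (assumption, not the project's code): the cookie carries
// "<id>.<hmac>" and is only honoured if the HMAC over the id verifies under a
// server-side secret and the id refers to an existing user.
const REMEMBER_ME_SECRET = 'example-server-secret-change-me'; // assumption

function makeRememberCookie(int $userId, string $secret): string
{
    return $userId . '.' . hash_hmac('sha256', (string) $userId, $secret);
}

function loginFromCookieSafe(array $cookie, array $session, array $knownUsers, string $secret): array
{
    if (!isset($cookie['fcms_login_id']) || !is_string($cookie['fcms_login_id'])) {
        return $session;
    }
    $parts = explode('.', $cookie['fcms_login_id'], 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return $session;
    }
    [$id, $mac] = $parts;
    $expected = hash_hmac('sha256', $id, $secret);
    // Constant-time comparison so the MAC cannot be guessed byte by byte.
    if (!hash_equals($expected, $mac)) {
        return $session;
    }
    if (!isset($knownUsers[(int) $id])) {
        return $session;
    }
    $session['login_id'] = (int) $id;
    return $session;
}

// home.php-style check: is the request authenticated?
function isLoggedIn(array $session): bool
{
    return isset($session['login_id']);
}

// Demo on constructed input: the attacker sends an arbitrary id, no password.
$users  = [1 => 'admin', 7 => 'alice']; // constructed user table
$forged = ['fcms_login_id' => '1'];

$s1 = loginFromCookieUnsafe($forged, []);
echo "unsafe, forged cookie: logged in = " . (isLoggedIn($s1) ? 'yes' : 'no')
    . ", login_id = " . var_export($s1['login_id'] ?? null, true) . "\n";

$s2 = loginFromCookieSafe($forged, [], $users, REMEMBER_ME_SECRET);
echo "safe,   forged cookie: logged in = " . (isLoggedIn($s2) ? 'yes' : 'no') . "\n";

$good = ['fcms_login_id' => makeRememberCookie(7, REMEMBER_ME_SECRET)];
$s3 = loginFromCookieSafe($good, [], $users, REMEMBER_ME_SECRET);
echo "safe,  genuine cookie: logged in = " . (isLoggedIn($s3) ? 'yes' : 'no')
    . ", login_id = " . var_export($s3['login_id'] ?? null, true) . "\n";
```

Run it with `php` from the command line. The point is that in the unsafe path the meta-refresh is irrelevant: the session record has already been written with an attacker-chosen login_id before the redirect happens, and any page that keys its authorisation off $_SESSION['login_id'] will treat the next request as that user. Even the hardened form is still a bearer token; a real implementation would also bind it to an expiry and call session_regenerate_id(true) on login so that a fixated session id cannot be reused.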
