phpmychat_0145_xpl

!/usr/bin/php -q -d shortopentag=on query"INSERT INTO ".CMSGTBL." VALUES $T, '$R', 'SYS exit', '', ".time.", '', 'sprintfLEXITROM, "".specialchar$U,$Latin1,1.""'"; $kicked = 3; ... have a look to "T" argument, it is not sanitized before to be used in our INSERT query, so we can inject all the...

phpMyChat 0.15.0dev - SYS enter Remote Code Execution

!/usr/bin/php -q -d shortopentag=on works with magicquotesgpc=Off\r\n\r\n"; echo "dork: intext:"2000-2001 The phpHeaven Team" -sourceforge\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host: target server ip/hostname\r\n"; echo "path: path to PHPMyChat\r\n";...

phpMyChat 0.15.0dev (SYS enter) Remote Code Execution Exploit

Exploit for unknown platform in category web applications ============================================================= phpMyChat 0.15.0dev SYS enter Remote Code Execution Exploit ============================================================= !/usr/bin/php -q -d shortopentag=on works with...

phpmychat_015dev_xpl

!/usr/bin/php -q -d shortopentag=on works with magicquotesgpc=Off\r\n\r\n"; echo "dork: intext:"2000-2001 The phpHeaven Team" -sourceforge\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host: target server ip/hostname\r\n"; echo "path: path to PHPMyChat\r\n";...

phpMyChat 0.15.0dev - SYS enter Remote Code Execution

phpMyChat 0.15.0dev - SYS enter Remote Code Execution !/usr/bin/php -q -d shortopentag=on works with magicquotesgpc=Off\r\n\r\n"; echo "dork: intext:"2000-2001 The phpHeaven Team" -sourceforge\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0." host path cmd OPTIONS\r\n"; echo "host: target server...

phpMyChat <= 0.14.5 (SYS enter) Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "PHPMyChat = 0.14.5 "SYS enter" remote cmmnds xctn 0day\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: intext:"2000-2001 The phpHeaven Team"...

phpMyChat <= 0.14.5 (SYS enter) Remote Code Execution Exploit

Exploit for unknown platform in category web applications ============================================================= phpMyChat query"INSERT INTO ".CMSGTBL." VALUES $T, '$R', 'SYS exit', '', ".time.", '', 'sprintfLEXITROM, "".specialchar$U,$Latin1,1.""'"; $kicked = 3; ... have a look to "T"...

phpMyChat 0.14.5 - SYS enter Remote Code Execution

!/usr/bin/php -q -d shortopentag=on query"INSERT INTO ".CMSGTBL." VALUES $T, '$R', 'SYS exit', '', ".time.", '', 'sprintfLEXITROM, "".specialchar$U,$Latin1,1.""'"; $kicked = 3; ... have a look to "T" argument, it is not sanitized before to be used in our INSERT query, so we can inject all the...

phpMyChat 0.14.5 - SYS enter Remote Code Execution

phpMyChat 0.14.5 - SYS enter Remote Code Execution !/usr/bin/php -q -d shortopentag=on query"INSERT INTO ".CMSGTBL." VALUES $T, '$R', 'SYS exit', '', ".time.", '', 'sprintfLEXITROM, "".specialchar$U,$Latin1,1.""'"; $kicked = 3; ... have a look to "T" argument, it is not sanitized before to be...

[Full-disclosure] PHPMyChat Authentication Bypass

PHPMyChat Authentication Bypass ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ I won't have bothered to post this silly flaw but after seeing the google search result for inurl:phpMyChat.php3 , I thought it would be good idea to keep people informed. I. BACKGROUND phpMyChat is an easy-to-install, easy-to-use...

CVE-2005-3991

Multiple cross-site scripting XSS vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to 1 startpage.css.php and 2 style.css.php; or the From parameter to userspopupL.php...

CVE-2005-3991

PHPMyChat 0.14.6 is affected by multiple XSS vulnerabilities. Attackers can inject arbitrary script/HTML via the medium parameter to start_page.css.php and style.css.php, or the From parameter to users_popupL.php. The root cause is lack of input sanitization in these parameters. Impact is remote ...

CVE-2005-3991

Multiple cross-site scripting XSS vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to 1 startpage.css.php and 2 style.css.php; or the From parameter to userspopupL.php...

phpMyChat Multiple XSS vulnerabilities.

phpMyChat Multiple XSS vulnerabilities. I. BACKGROUND phpMyChat is an easy-to-install, easy-to-use multi-room chat based on PHP and a database, supporting MySQL, PostgreSQL, and ODBC. II. DESCRIPTION phpMyChat 0.14.6 startpage.css.php, style.css.php, userspopupL.php are prone to Cross-site...

phpMyChat0146.txt

phpMyChat Multiple XSS vulnerabilities. I. BACKGROUND phpMyChat is an easy-to-install, easy-to-use multi-room chat based on PHP and a database, supporting MySQL, PostgreSQL, and ODBC. II. DESCRIPTION phpMyChat 0.14.6 startpage.css.php, style.css.php, userspopupL.php are prone to Cross-site...

PHPMyChat 0.14.6 - style.css.php?medium Cross-Site Scripting

PHPMyChat 0.14.6 - style.css.php?medium Cross-Site Scripting source: https://www.securityfocus.com/bid/15679/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to...

PHPMyChat 0.14.6 - &#039;users_popupL.php?From&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/15679/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...

PHPMyChat 0.14.6 - users_popupL.php?From Cross-Site Scripting

PHPMyChat 0.14.6 - userspopupL.php?From Cross-Site Scripting source: https://www.securityfocus.com/bid/15679/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to...

PHPMyChat 0.14.6 - &#039;style.css.php?medium&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/15679/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...

PHPMyChat 0.14.6 - &#039;start_page.css.php?medium&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/15679/info phpMyChat is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...