Vendor: FlashChat
By: indoushka
CVSS: 7.5 HIGH
PHP info
CWE: N/A
Product Name: FlashChat
Affected Version From: 3.9.3.1
Affected Version To: 3.9.3.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)
2008

FlashChat v3.9.3.1 PHP info Vulnerability

FlashChat v3.9.3.1 exposes a phpinfo.php page that allows an attacker to view the PHP information of the server. The page can be reached at http://server/chat/phpinfo.php or http://server/chat/phpinfo.php?php=.

Mitigation:

Restrict access to the phpinfo.php page and ensure that it is not publicly accessible.
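
One way to locate pages like this in a deployment so they can be removed or placed behind access control, as an added example that is not part of the original advisory: the Python script below walks a web root and reports PHP files containing a live phpinfo() call. The sample tree, every file name other than phpinfo.php, and the function names are constructed for illustration; the comment and string stripping is a heuristic, not a full PHP parser.

```python
import re
import tempfile
from pathlib import Path

PHP_SUFFIXES = {".php", ".phtml", ".inc"}
# Code between "<?php" / "<?" / "<?=" and the next "?>" (or end of file).
_PHP_BLOCK = re.compile(r"<\?(?:php\b|=)?(.*?)(?:\?>|\Z)", re.S | re.I)
# Comments and quoted strings, removed so only live code is inspected.
_INERT = re.compile(
    r"""/\*.*?\*/ | (?://|\#)[^\n]* | '(?:\\.|[^'\\])*' | "(?:\\.|[^"\\])*" """,
    re.S | re.X,
)
# A bare phpinfo( call; not a method, static call or longer identifier.
_CALL = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.I)

def calls_phpinfo(source: str) -> bool:
    """True if any PHP block in `source` contains a live phpinfo() call."""
    return any(
        _CALL.search(_INERT.sub(" ", block))
        for block in _PHP_BLOCK.findall(source)
    )

def audit_webroot(root) -> list[str]:
    """Return web-root-relative paths of PHP files that call phpinfo()."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            if calls_phpinfo(path.read_text(errors="replace")):
                hits.append(path.relative_to(root).as_posix())
    return sorted(hits)

def build_sample(root) -> None:
    """Constructed sample tree (not FlashChat's real file layout)."""
    files = {
        "chat/phpinfo.php": "<?php phpinfo(); ?>",
        "chat/index.php": "<?php // phpinfo() removed\necho 'phpinfo() is off'; ?>",
        "chat/inc/diag.php": "<?php if (isset($_GET['d'])) { PhpInfo(INFO_ALL); }",
        "chat/readme.txt": "run phpinfo() to check your setup",
    }
    for rel, body in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for hit in audit_webroot(tmp):
            print("phpinfo() exposed by:", hit)
```

Files the audit reports should be deleted from production or denied at the web server; matching is case-insensitive because PHP function names are.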

Exploit-DB raw data:

========================================================================================                  
| # Title    : FlashChat v3.9.3.1 PHP info Vulnerability                              |
| # Author   : indoushka                                                               |
| # email    : indoushka@hotmail.com                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       
| # Web Site : www.iq-ty.com                                                           |
| # Script   : Powered by FlashChat v 3.9.3.1                                          |
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)       |
| # Bug      : PHP info                                                                | 
======================      Exploit By indoushka       =================================
| # Exploit  : 
| 
| 1- http://server/chat/phpinfo.php
| 2- http://server/chat/phpinfo.php?php=
| 
================================   Dz-Ghost Team   ========================================
Greetz : Exploit-db Team (loneferret+Exploits+dookie2000ca)
-------------------------------------------------------------------------------------------