header-logo
Suggest Exploit
vendor:
FlashChat
by:
d3hydr8
5.5
CVSS
MEDIUM
Local File Inclusion
22
CWE
Product Name: FlashChat
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

ZZ:FlashChat Local File Inclusion Vulnerability

This vulnerability allows an attacker to include local files on the target system by manipulating the 'file' parameter in the '/chat/admin/inc/help.php' file. By exploiting this vulnerability, an attacker can read sensitive files on the target system.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and validate file paths before including them in the code. Additionally, access controls should be implemented to restrict unauthorized access to sensitive files.
Source

Exploit-DB raw data:

# Title : ZZ:FlashChat Local File Inclusion Vulnerability

# Source : http://download.zehnet.de/index.php

# Author : d3hydr8

# Homepage : http://www.darkc0de.com

# Vuln: : /chat/admin/inc/help.php?file=[LFI]

# milw0rm.com [2007-10-19]

Navigation

Suggest Exploit

Services By CQR