X7 Chat Index.PHP Local File Include Vulnerability
BID:17777
Info
X7 Chat Index.PHP Local File Include Vulnerability
| Bugtraq ID: | 17777 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 02 2006 12:00AM |
| Updated: | May 02 2006 11:05PM |
| Credit: | rgod is credited with the discovery of this vulnerability. |
| Vulnerable: |
X7 Group X7 Chat 1.3.6 X7 Group X7 Chat 1.3.5 B X7 Group X7 Chat 1.3.4 B X7 Group X7 Chat 1.3.3 B X7 Group X7 Chat 1.3.2 B X7 Group X7 Chat 2.0 |
| Not Vulnerable: | |
Discussion
X7 Chat Index.PHP Local File Include Vulnerability
X7 Chat is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts.
An attacker may also be able to execute arbitrary code by way of uploaded avatars.
Versions 2.0 and earlier are reported vulnerable to this issue.
X7 Chat is prone to a local file-include vulnerability. This may allow unauthorized users to view files and to execute local scripts.
An attacker may also be able to execute arbitrary code by way of uploaded avatars.
Versions 2.0 and earlier are reported vulnerable to this issue.
Exploit / POC
X7 Chat Index.PHP Local File Include Vulnerability
This issue can be exploited through a web client.
The following exploit is available:
This issue can be exploited through a web client.
The following exploit is available:
Solution / Fix
X7 Chat Index.PHP Local File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]