Flat Chat Startsession.PHP Remote PHP Code Execution Vulnerability
BID:22865
Info
Flat Chat Startsession.PHP Remote PHP Code Execution Vulnerability
| Bugtraq ID: | 22865 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-1394 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 08 2007 12:00AM |
| Updated: | May 12 2015 07:33PM |
| Credit: | Dj7xpl is credited with the discovery of this vulnerability. |
| Vulnerable: |
Flat Chat Flat Chat 2.0 |
| Not Vulnerable: | |
Discussion
Flat Chat Startsession.PHP Remote PHP Code Execution Vulnerability
Flat Chat is prone to an arbitrary PHP code-execution vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process. This may help the attacker compromise the application and the underlying system; other attacks are also possible.
Version 2.0 is vulnerable to this issue.
Flat Chat is prone to an arbitrary PHP code-execution vulnerability because the application fails to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary malicious PHP code in the context of the webserver process. This may help the attacker compromise the application and the underlying system; other attacks are also possible.
Version 2.0 is vulnerable to this issue.
Exploit / POC
Flat Chat Startsession.PHP Remote PHP Code Execution Vulnerability
Attackers can exploit this issue via a web client.
A sample proof-of-concept URI has been provided:
http://example.com/flatchat/users.php?cmd=ls -la
Attackers can exploit this issue via a web client.
A sample proof-of-concept URI has been provided:
http://example.com/flatchat/users.php?cmd=ls -la
Solution / Fix
Flat Chat Startsession.PHP Remote PHP Code Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Flat Chat Startsession.PHP Remote PHP Code Execution Vulnerability
References:
References:
- Vendor Homepage (Flat Chat)