[VIM] X7 Chat 18.104.22.168 (mini.php help_file) Local File Include Vulnerability
str0ke at milw0rm.com
Sun Sep 28 03:19:25 UTC 2008
Actually I'm going to change the topic info it affects 2.0.1a as well.
> removing it now.
> George A. Theall wrote:
>> I'm not sure the exploit as described in milw0rm 6592 works generally.
>> Notice the affected file is "help/mini.php" and the arg to include()
>> starts with "./help/"? When you call the script directly, the working
>> directory will be something like "/var/www/html/x7chat/help"., which
>> causes the directory traversal to fail on targets running, say, *nix
>> since there's no directory named "help" under that.
>> The issue is exploitable under version 2.0.0, but it appears to have
>> been fixed in response to rgod's earlier advisory :
>> which leverages a very similar issue in 'help/index.php' to execute
>> arbitrary code.
More information about the VIM