Bugtraq mailing list archives
SimpleChat
From: subj <r2subj3ct () dwclan org>
Date: 20 Mar 2003 03:33:03 -0000
Product : SimpleChat! Version : 1.3 WebSite : http://hot-things.net Problem : Private info viewing Description: ------------ In a directory /data/ the file containing the information on users of a chat lays (taking place in a chat at present), to which any interested person can receive access. The file looks approximately so: 1048102503: |:127.0.0.1: |:subj: |:w1 1048102799: |:127.0.0.1: |:clark: |:w2 In the given situation we receive IP the user. Exploit: -------- http://[somehost]/chat/data/usr Link: ----- www.dwcgr0up.com Fixs: ----- U can finf all our fix on our homepage [www.dwcgroup.com] Thanks: ------- GipsHack : DHGroup : EXploit.ru : p0is0n : de1irium Contact: -------- r2subj3ct () dwclan org irc.dwcgr0up.biz @ #dwc
Current thread:
- SimpleChat subj (Mar 21)