ID CVE-2006-2156
Summary Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter.
References
Vulnerable Configurations
  • X7 Group X7 Chat 1.3.2b
    cpe:2.3:a:x7_group:x7_chat:1.3.2b
  • X7 Group X7 Chat 1.3.3b
    cpe:2.3:a:x7_group:x7_chat:1.3.3b
  • X7 Group X7 Chat 1.3.4b
    cpe:2.3:a:x7_group:x7_chat:1.3.4b
  • X7 Group X7 Chat 1.3.5b
    cpe:2.3:a:x7_group:x7_chat:1.3.5b
  • X7 Group X7 Chat 1.3.6
    cpe:2.3:a:x7_group:x7_chat:1.3.6
  • X7 Group X7 Chat 2.0
    cpe:2.3:a:x7_group:x7_chat:2.0
CVSS
Base: 6.4 (as of 03-05-2006 - 17:03)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: NONE
exploit-db via4
description X7 Chat <= 2.0 (help_file) Remote Commands Execution Exploit. CVE-2006-2156. Webapps exploit for php platform
file exploits/php/webapps/1738.php
id EDB-ID:1738
last seen 2016-01-31
modified 2006-05-02
platform php
port
published 2006-05-02
reporter rgod
source https://www.exploit-db.com/download/1738/
title X7 Chat <= 2.0 help_file Remote Commands Execution Exploit
type webapps
nessus via4
NASL family CGI abuses
NASL id X7CHAT_HELP_FILE_FILE_INCLUDE.NASL
description The remote host is running X7 Chat, a web-based chat program written in PHP. The version of X7 Chat installed on the remote host fails to properly sanitize input to the 'help_file' parameter of the 'help/index.php' script before using it in a PHP 'include_once()' function. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be able to exploit this issue to view arbitrary files or to execute arbitrary PHP code on the remote host, subject to the privileges of the web server user id.
last seen 2019-02-21
modified 2018-11-15
plugin id 21312
published 2006-05-03
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=21312
title X7 Chat help/index.php help_file Parameter Local File Inclusion
refmap via4
bid 17777
bugtraq 20060502 X7 Chat <=2.0 remote commands execution
exploit-db 1738
osvdb 25149
secunia 19886
sreason 829
vupen ADV-2006-1608
xf x7chat-index-file-include(26218)
Last major update 07-03-2011 - 21:35
Published 03-05-2006 - 06:02
Last modified 18-10-2018 - 12:38