TITLE:
123 Flash Chat Server Username Directory Traversal Vulnerability

SECUNIA ADVISORY ID:
SA18455

VERIFY ADVISORY:
http://secunia.com/advisories/18455/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
>From remote

SOFTWARE:
123 Flash Chat Server 5.x
http://secunia.com/product/6824/

DESCRIPTION:
Jesus Olmos Gonzalez has reported a vulnerability in 123 Flash Chat
(123FlashChat) Server, which can be exploited by malicious people to
bypass certain security restrictions.

Input passed in the "user" (username) field in the new user
registration screen isn't properly santised before being used to
create files. This can be exploited to create arbitrary files with
privileges of the server process via directory traversal attacks.
This potentially allows execution of arbitrary commands by e.g.
creating files in the startup folder.

The vulnerability has been reported in version 5.1_1. Prior versions
may also be affected.

SOLUTION:
Update to version 5.1_2.
http://www.123flashchat.com/download.html

PROVIDED AND/OR DISCOVERED BY:
Jesus Olmos Gonzalez

ORIGINAL ADVISORY:
http://www.123flashchat.com/flash-chat-server-v512.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------