This Perl script exploits a directory traversal vulnerability in GTChat <= 0.95 Alpha, allowing remote file disclosure (e.g., /etc/resolv.conf) and DoS via recursive requests. The PoC uses LWP::Simple to send crafted HTTP requests with null-byte termination.
Classification
Working Poc 95%
Attack Type
Info Leak | Dos
Complexity
Trivial
Reliability
Reliable
Target:GTChat <= 0.95 Alpha
No auth needed
Prerequisites:Network access to the target server · GTChat chat.pl endpoint accessible