بسم الله الرحمن الرحيم
اليوم حبيت اعلمكم طريقة ترقيع ثغرة : X7CHAT v1.3.6b Add Admin Exploit
المهم نشوف الثغره
كود:
# Title: X7CHAT v1.3.6b Add Admin Exploit
# EDB-ID: 10931
# CVE-ID: ()
# OSVDB-ID: ()
# Author: d4rk-h4ck3r
# Published: 2010-01-02
# Verified: yes
# Download Exploit Code
# Download Vulnerable app
view source
print?
#####################################################
# [+] Author : d4rk-h4ck3r
# [+] Email : tnst@w.cn
# [+] Site : www.vbspiders.com/vb
# [+] Team : Tunisian Security TeaM
# [+] Dork : powered by x7 chat 1.3.6b
#####################################################
##### Notes from the exploit-db.com team ############
# Vendor has already addressed this issue and even provided a solution in Docs/INSTALL.txt:
# "After finishing the online setup delete the file install.php. If you do not it will be
# possible for anyone to create an administrator account on your chat server."
#
# Therefore please keep in mind this Exploit is not guaranteed to work.
#####################################################
The Exploit :
1- go http://site.com/script/X7Chat/install.php
2- Now you are in X7 Chat Install step 1 click continue
3- Now you are in X7 Chat Install step 2 click also continue
4- Now you are in X7 Chat Install step 3 .
change url from http://site.com/script/x7chat/install.php?step=3 to http://site.com/script/x7chat/install.php?step=4
5- now add user name and password
6- Go login page http://site.com/script/X7Chat/index.php
Good luck and don't make something bad .
Greetz to Password & Maxilog .
هنا
الترقيع بسيط
احذف ملف install.php وغير مسارات اللوحة
تحياتي يزيد العتيبي
jvrdu eyvm : X7CHAT v1>3>6b Add Admin Exploit
04-19-2010, 03:20 PM
ترقيع ثغرة : X7CHAT v1.3.6b Add Admin Exploit 
المواضيع المتشابهه 
العرض الشجري
