PHPMyChat Authentication Bypass
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
I wouldn't have bothered to post this silly flaw, but after seeing the Google
search results for inurl:phpMyChat.php3, I thought it would be a good idea to
keep people informed.
I. BACKGROUND
phpMyChat is an easy-to-install, easy-to-use multi-room chat based on PHP
and a database, supporting MySQL, PostgreSQL, and ODBC. It supports some
IRC-like commands, and has been translated to 33 different languages.
II. BUG DESCRIPTION
In the default installation of phpMyChat (version 0.14.5), any unregistered
user can get access to the chat rooms by entering the same value for both the
user name and the password in the input box, i.e. the user name should be the
same as the password. I tried logging in to various vulnerable sites using
these user ID and password combinations, which granted me unauthorised access
to the rooms -
User Id     Password
~~~~~~~~    ~~~~~~~~
admin       admin
user        user
hacked      hacked
...
...
Note: In some cases the user ID 'admin' might not work with the password
'admin', as the owner might have changed it during installation.
III. IMPACT
Unauthorised user access to chat rooms
IV. AFFECTED PRODUCTS
I have only tested this for PhpMyChat 0.14.5 but I guess the previous
versions might also be affected.
V. VENDOR
http://phpmychat.sourceforge.net
http://www.phpheaven.net/rubrique4.html
VI. CREDITS
Debasis Mohanty
www.hackingspirits.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Source: SECURITYVULNS:DOC:11528, "[Full-disclosure] PHPMyChat Authentication Bypass", published 2006-02-21
https://vulners.com/securityvulns/SECURITYVULNS:DOC:11528
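
Added example, not part of the original post and not phpMyChat's code: a login check in which an unregistered name is refused whatever password is sent, with the name/password pairs from section II as regression cases. The user store, the authenticate() function and the sample accounts are assumptions; the advisory does not show the vulnerable code or its cause.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the registered-users table (hypothetical data).
$registered = [
    'alice' => password_hash('correct horse battery', PASSWORD_DEFAULT),
    'admin' => password_hash('S3t-at-install!', PASSWORD_DEFAULT),
];

// Hash of a random value, verified when the name is unknown so that
// unknown and known names take roughly the same time to reject.
$dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

/**
 * Hypothetical login check: succeeds only for a registered name whose
 * stored hash matches. The submitted password is never compared with the
 * submitted name, and an unknown name never falls through to "allowed".
 */
function authenticate(array $users, string $dummyHash, string $name, string $password): bool
{
    if ($name === '' || $password === '') {
        return false;
    }
    $known = array_key_exists($name, $users);
    $hash = $known ? $users[$name] : $dummyHash;
    $matches = password_verify($password, $hash);
    return $known && $matches;
}

// Regression cases: the name == password pairs listed in the advisory,
// plus one legitimate login. Every pair from the advisory must be refused.
$cases = [
    ['admin', 'admin', false],
    ['user', 'user', false],
    ['hacked', 'hacked', false],
    ['alice', 'correct horse battery', true],
];

$failures = 0;
foreach ($cases as [$name, $password, $expected]) {
    $actual = authenticate($registered, $dummyHash, $name, $password);
    $status = $actual === $expected ? 'ok' : 'FAIL';
    $failures += $actual === $expected ? 0 : 1;
    printf("%-4s %s/%s => %s\n", $status, $name, str_repeat('*', strlen($password)), $actual ? 'allowed' : 'refused');
}
exit($failures === 0 ? 0 : 1);
```

The script exits non-zero if any name == password pair is accepted, so it can run as a check after changing the login path.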