PHPMyChat Authentication Bypass
I wouldn’t have bothered to post this silly flaw, but after seeing the Google search results for inurl:phpMyChat.php3, I thought it would be a good idea to keep people informed.
I. BACKGROUND
phpMyChat is an easy-to-install, easy-to-use multi-room chat based on PHP and a database, supporting MySQL, PostgreSQL, and ODBC. It supports some IRC-like commands, and has been translated to 33 different languages.
II. BUG DESCRIPTION
In the default installation of phpMyChat (version 0.14.5), any
unregistered user can get access to the chat rooms by entering the
same value as both the user name and the password in the input box,
i.e. the user name should be the same as the password. I tried logging
in to various vulnerable sites using these user ID and password
combinations, which granted me unauthorised access to the rooms:
User Id    Password
~~~~~~~~   ~~~~~~~~
admin      admin
user       user
hacked     hacked
…
…
Note: In some cases the user ID ‘admin’ might not work with the
password ‘admin’, as the owner might have changed it during
installation.
III. IMPACT
Unauthorised user access to chat rooms.
IV. AFFECTED PRODUCTS
I have only tested this on phpMyChat 0.14.5, but I guess the previous
versions might also be affected.
V. VENDOR
http://phpmychat.sourceforge.net
http://www.phpheaven.net/rubrique4.html
FULL CREDITS To - Deb