CVE-2017-9557

HIGH

EFS Software Easy Chat Server <3.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-9557. PoCs published by Aitezaz Mohsin.

AI-analyzed exploit summary: This exploit targets a password disclosure vulnerability in Easy Chat Server by sending a crafted HTTP GET request to the registration page, which returns the password of any specified user in the HTML response. The script parses the response to extract the password.

Description

register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 allows remote attackers to discover passwords by sending the username parameter in conjunction with an empty password parameter, and reading the HTML source code of the response.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Aitezaz Mohsin · python · webapps · windows
https://www.exploit-db.com/exploits/42153


Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Easy Chat Server v2.0 to v3.1
No auth needed
Prerequisites: Network access to the target server · Knowledge of a valid username
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42153/

Scores

CVSS v3: 7.5
EPSS: 0.0167
EPSS Percentile: 73.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-522
Status: published
Products (1): echatserver/easy_chat_server 2.0 - 3.1
Published: Jun 12, 2017
Tracked Since: Feb 18, 2026