Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15974
HistoryFeb 05, 2007 - 12:00 a.m.

flashChat 4.7.8 Cross Site Scripting Vulnerability

2007-02-0500:00:00
vulners.com
57
JSON

/\ Flashchat 4.7.8 /\

Date of written Advisory: February 04, 2007

Product: Flash Chat =< 4.7.8

Vendor: http://tufat.com/

Description: flashChat is a highly customizable PHP/MySQL based chat room script that is easily integrated into a website and mimics IRC in it's command structure

Exploit(s) / Vulnerability(ies): flashChat is vulnerable to Cross Site Scripting in info.php when the 'add room' function is enabled, which is a default setting and therefore very common. The follow block of code shows variables being displayed without any filtration:
<td><?$room['name']?></td>

PoC(s): create a new channel with the following in the title: <script>alert('test')</script> and use the "who's online" feature on the HTML login page. This could obviously be used for cookie stealing and other malicious attacks.

Vendor Status: Vendor was not informed before publication.

Solution: The vendor has yet to publish a solution for the exploit. There is an unofficial patch on binaryloc's homepage.

Credits:
binaryloc

binaryloc[at]gmail[dot]com

http://binary.copyleftwriting.org

JSON