------------------------------------------------------------
    - EXPL-A-2005-003 exploitlabs.com Advisory 032 -
------------------------------------------------------------
                       - Adventia Chat -





OVERVIEW
========
Adventia Chat Server Pro 3.0 is an ASP program that allows
you to easily add multiple HTML-only chat rooms to your site,
transforming your web site or intranet into a dynamic and
successful online community comprised of customers, users,
suppliers or employees.


AFFECTED PRODUCTS
=================
Adventia Chat 3.1
Chat Server Pro 3.0
http://www.adventia.com/


DETAILS
=======
Adventia Chat has HTML code enabled by default, allowing all static
and remote XSS to be inserted in the chat space. This causes XSS in all
chat users browsers. ( including cookie theft and session spooofing )
As well, the entered text is of a persistant nature, allowing for
exploitation after the attacker has left the chat application.
This could also be used as an attack vector for "pushing" code
to exploit users using the latest browser exploits.



SOLUTION
========
none
1st contact: March 16, 2005 ( no reply )



PROOF OF CONCEPT
================
none ( just enter any xss style text )
demo url: http://www.adventia.com/cgi-bin/chatpro/login.asp


CREDITS
=======
This vulnerability was discovered and researched by 
Donnie Werner of exploitlabs


web: http://exploitlabs.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/