[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: [HSC Security Group] Multiple XSS in phpopenchat 3.0.2
From: zinho () hackerscenter ! com
Date: 2005-08-05 14:15:31
Message-ID: 20050805141531.30575.qmail () securityfocus ! com
[Download RAW message or body]
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory
Desc: Multiple XSS in phpopenchat 3.0.2
Risk: Medium to High
"PHPOpenChat is a high performance php-based chat server software for a live \
chat-room or -module on every php-based site."
1. (permanent) XSS hole in profile.php and profile_misc.php
"title" and "content" arguments passed with method POST are not sanitized and can \
generate a permanent XSS hole thus stealing cookie of anyone viewing the user \
profile page
2. (permanent) XSS hole due to the previous in userpage.php. A malicious user can \
manipulate the profile fields and the script will be executed in userpage.php
2. (permanent) XSS hole in mail.php
Probably the most dangerous as it can be directed against a specified user knowing \
just his nickname. "subject", "body" and the other email parameters are not \
sanitized.
3. (temporary) XSS hole in invite.php
"disinvited_chatter" and "invited_chatter"
Vendor has been contacted some days ago but we got no reply so far.
-- HSC Security Group
Get your site audited for free and ay only if we find it vulnerable!
http://www.hackerscenter.com/security
Security researcher? Join us: mail me at zinho@hackerscenter.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic