
List:       bugtraq
Subject:    [HSC Security Group] Multiple XSS in phpopenchat 3.0.2
From:       zinho () hackerscenter ! com
Date:       2005-08-05 14:15:31
Message-ID: 20050805141531.30575.qmail () securityfocus ! com

Hackers Center Security Group (http://www.hackerscenter.com/)            
Zinho's Security Advisory             

Desc: Multiple XSS in phpopenchat 3.0.2 
Risk: Medium to High  

"PHPOpenChat is a high performance php-based chat server software for a live chat-room or -module on every php-based site."


1. (permanent) XSS hole in profile.php and profile_misc.php
The "title" and "content" arguments passed with method POST are not sanitized and can generate a permanent XSS hole, allowing theft of the cookie of anyone viewing the user profile page.

2. (permanent) XSS hole in userpage.php, resulting from the previous issue. A malicious user can manipulate the profile fields and the script will be executed in userpage.php.

3. (permanent) XSS hole in mail.php
Probably the most dangerous, as it can be directed against a specified user knowing just his nickname. "subject", "body" and the other email parameters are not sanitized.

4. (temporary) XSS hole in invite.php
"disinvited_chatter" and "invited_chatter"

Vendor has been contacted some days ago but we got no reply so far. 


-- HSC Security Group 
Get your site audited for free and pay only if we find it vulnerable!
http://www.hackerscenter.com/security 

Security researcher? Join us: mail me at zinho@hackerscenter.com 
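
The stored and reflected findings above share one root cause: request values reach HTML output without encoding. The following is an added example, not PHPOpenChat code and not part of the original advisory, showing that pattern next to output encoding as the fix; only the field names come from the advisory, while the function names and sample data are hypothetical.

```php
<?php
// Added illustration: hypothetical handlers, not PHPOpenChat source code.
// The field names "title", "content" and "invited_chatter" come from the
// advisory; function names and sample data are assumptions.

// Hides the session cookie from page scripts; must be set before any output.
ini_set('session.cookie_httponly', '1');

// Constructed sample: a profile row saved from a POST without any filtering.
$stored = [
    'title'   => 'My <b>profile</b>',
    'content' => '<script>alert(1)</script>', // harmless marker string
];

// Encode a value for HTML text or a quoted attribute at output time.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: stored fields are interpolated into the page as-is,
// so markup saved by one user is parsed by every viewer's browser.
function renderProfileUnsafe(array $p): string
{
    return "<h2>{$p['title']}</h2><div>{$p['content']}</div>";
}

// Hardened pattern: same template, every dynamic value encoded on output.
function renderProfileSafe(array $p): string
{
    return '<h2>' . h($p['title']) . '</h2><div>' . h($p['content']) . '</div>';
}

// Reflected case: a request parameter echoed back into the response.
function renderInviteNotice(array $query): string
{
    $name = $query['invited_chatter'] ?? '';
    // Array-valued parameters (invited_chatter[]=x) are dropped, not cast.
    return '<p>Invitation sent to ' . h(is_string($name) ? $name : '') . '</p>';
}

echo renderProfileUnsafe($stored), "\n";
echo renderProfileSafe($stored), "\n";
echo renderInviteNotice(['invited_chatter' => '<script>alert(1)</script>']), "\n";
```

Encoding at output rather than at input keeps the stored data intact and covers every page that later renders the same field, which is the situation item 2 describes for userpage.php.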

