AOH :: HP Unsorted F :: C07-2221.HTM

flashChat 4.7.8 Cross Site Scripting Vulnerability



flashChat 4.7.8 Cross Site Scripting Vulnerability
flashChat 4.7.8 Cross Site Scripting Vulnerability



/*\ Flashchat 4.7.8 /*\

Date of written Advisory: February 04, 2007

Product: Flash Chat =< 4.7.8

Vendor: http://tufat.com/ 

Description:  flashChat is a highly customizable PHP/MySQL based chat room script that is easily integrated into a website and mimics IRC in it's command structure

Exploit(s) / Vulnerability(ies): flashChat is vulnerable to Cross Site Scripting in info.php when the 'add room' function is enabled, which is a default setting and therefore very common.  The follow block of code shows variables being displayed without any filtration:


PoC(s): create a new channel with the following in the title:  and use the "who's online" feature on the HTML login page.  This could obviously be used for cookie stealing and other malicious attacks.

Vendor Status:  Vendor was not informed before publication.

Solution: The vendor has yet to publish a solution for the exploit.  There is an unofficial patch on binaryloc's homepage.

Credits: 
binaryloc

binaryloc[at]gmail[dot]com

http://binary.copyleftwriting.org 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.