AOH :: HP Unsorted X :: B06-2047.HTM

X7chat <= 2.0.2 avatar xss injection



X7Chat <= 2.0.2 avatar XSS injection
X7Chat <= 2.0.2 avatar XSS injection



X7Chat <= 2.0.2 avatar XSS injection=0D
=0D
Discovered by: Nomenumbra=0D
Date: 6/4/2006=0D
impact:moderate (privilege escalation,possible defacement)=0D
=0D
X7Chat versions 2.0.2 and below are prone to XSS injection in a user's avatar.=0D
By setting this as the url of your avatar:=0D
=0D
javascript:alert('xss')=0D
=0D
you'd have some good ol' XSS=0D
=0D
Nomenumbra/[0x4F4C]

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.