lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050805141531.30575.qmail@securityfocus.com>
Date: 5 Aug 2005 14:15:31 -0000
From: zinho@...kerscenter.com
To: bugtraq@...urityfocus.com
Subject: [HSC Security Group] Multiple XSS in phpopenchat 3.0.2


Hackers Center Security Group (http://www.hackerscenter.com/)            
Zinho's Security Advisory             

Desc: Multiple XSS in phpopenchat 3.0.2 
Risk: Medium to High  

"PHPOpenChat is a high performance php-based chat server software  for a live chat-room or -module on every php-based site." 


1. (permanent) XSS hole in profile.php and profile_misc.php 
"title" and "content" arguments passed with method POST are not  sanitized and can generate a permanent XSS hole thus stealing cookie  of anyone viewing the user profile page 

2. (permanent) XSS hole due to the previous in userpage.php. A  malicious user can manipulate the profile fields and the script will be  executed in userpage.php 

2. (permanent) XSS hole in mail.php 
Probably the most dangerous as it can be directed against a specified  user knowing just his nickname. 
"subject", "body" and the other email parameters are not sanitized. 

3. (temporary) XSS hole in invite.php 
"disinvited_chatter" and "invited_chatter" 

Vendor has been contacted some days ago but we got no reply so far. 


-- HSC Security Group 
Get your site audited for free and ay only if we find it vulnerable! 
http://www.hackerscenter.com/security 

Security researcher? Join us: mail me at zinho@...kerscenter.com 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ