Post subject: Cross-Site Scripting Exploit in Sample PHP Page
Posted: Mon Apr 23, 2012 12:45 am
Support Staff

Joined: Fri Nov 01, 2002 4:06 am
Posts: 43
For ChatBlazer versions up to 8.5.10.3, the sample PHP chat page (client.php) contains a cross-site scripting (XSS) exploit. This does not affect the ChatBlazer code (client) itself, which is not compromised by this exploit.

The affected section is below.

var mainConfig      = "<?= $_GET['config']; ?>";
var mainLang      = "<?= $_GET['lang']; ?>";
var mainSkin      = "<?= $_GET['skin']; ?>";

// username and password used for direct login only
var session         = "<?= $_GET['session'] ?>";
var directUsername   = "<?= $_GET['user'] ?>";
var directPassword   = "<?= $_GET['pass'] ?>";
var roomPassword   = "<?= $_GET['roompass'] ?>";
var roomID         = "<?= $_GET['roomid']; ?>";
var roomName      = "<?= $_GET['roomname']; ?>";


The exploit can be patched manually by changing the section as below.

var mainConfig      = "<?= htmlspecialchars($_GET['config']) ?>";
var mainLang      = "<?= htmlspecialchars($_GET['lang']) ?>";
var mainSkin      = "<?= htmlspecialchars($_GET['skin']) ?>";

// username and password used for direct login only
var session         = "<?= htmlspecialchars($_GET['session']) ?>";
var directUsername   = "<?= htmlspecialchars($_GET['user']) ?>";
var directPassword   = "<?= htmlspecialchars($_GET['pass']) ?>";
var roomPassword   = "<?= htmlspecialchars($_GET['roompass']) ?>";
var roomID         = "<?= htmlspecialchars($_GET['roomid']) ?>";
var roomName      = "<?= htmlspecialchars($_GET['roomname']) ?>";



_________________
Samuel
ChatBlazer Support