ChatBlazer Support
http://customer.chatblazer.com/forums/

Cross-Site Scripting Exploit in Sample PHP Page
http://customer.chatblazer.com/forums/viewtopic.php?f=60&t=4195
Page 1 of 1

Author:  samuel [ Mon Apr 23, 2012 12:45 am ]
Post subject:  Cross-Site Scripting Exploit in Sample PHP Page

For ChatBlazer versions up to 8.5.10.3, the sample PHP chat page (client.php) contains a cross-site scripting (XSS) exploit. This does not affect the ChatBlazer client code itself, which is not compromised by this exploit.

The affected section is below.

var mainConfig     = "<?= $_GET['config']; ?>";
var mainLang       = "<?= $_GET['lang']; ?>";
var mainSkin       = "<?= $_GET['skin']; ?>";

// username and password used for direct login only
var session        = "<?= $_GET['session'] ?>";
var directUsername = "<?= $_GET['user'] ?>";
var directPassword = "<?= $_GET['pass'] ?>";
var roomPassword   = "<?= $_GET['roompass'] ?>";
var roomID         = "<?= $_GET['roomid']; ?>";
var roomName       = "<?= $_GET['roomname']; ?>";


The exploit can be patched manually by changing the section as below.

var mainConfig     = "<?= htmlspecialchars($_GET['config']) ?>";
var mainLang       = "<?= htmlspecialchars($_GET['lang']) ?>";
var mainSkin       = "<?= htmlspecialchars($_GET['skin']) ?>";

// username and password used for direct login only
var session        = "<?= htmlspecialchars($_GET['session']) ?>";
var directUsername = "<?= htmlspecialchars($_GET['user']) ?>";
var directPassword = "<?= htmlspecialchars($_GET['pass']) ?>";
var roomPassword   = "<?= htmlspecialchars($_GET['roompass']) ?>";
var roomID         = "<?= htmlspecialchars($_GET['roomid']) ?>";
var roomName       = "<?= htmlspecialchars($_GET['roomname']) ?>";
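
An added example, not part of the original post or of ChatBlazer's code: the values above are written into JavaScript string literals (assumed here to sit in an inline script block in client.php), so a JavaScript-context encoder such as json_encode() can be used in place of htmlspecialchars(), which leaves backslashes untouched and rewrites & as &amp;. The helper name js_param and the sample inputs are hypothetical.

```php
<?php
// Added example, not ChatBlazer code. js_param() is a hypothetical helper.

/**
 * Return a request parameter as a complete JavaScript string literal
 * (quotes included) that is safe inside an inline <script> block.
 */
function js_param(array $query, $name)
{
    // Missing or array-valued parameters (?config[]=x) become an empty string.
    $value = (isset($query[$name]) && is_string($query[$name])) ? $query[$name] : '';

    // JSON_HEX_* emits <, >, &, ' and " as \u00XX escapes, so the value
    // cannot close the string or the surrounding <script> element.
    $literal = json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);

    // json_encode() returns false on invalid UTF-8; fall back to an empty literal.
    return ($literal === false) ? '""' : $literal;
}

// Constructed sample inputs standing in for $_GET.
$samples = array(
    'trailing backslash' => array('config' => 'default\\'),
    'ampersand in value' => array('config' => 'a&b'),
    'markup characters'  => array('config' => '</script>"\''),
    'parameter missing'  => array(),
);

foreach ($samples as $label => $query) {
    $raw = isset($query['config']) ? $query['config'] : '';
    echo "== $label ==\n";
    // HTML-context encoding inside a JS string, as in the manual patch above.
    echo 'var mainConfig = "' . htmlspecialchars($raw) . '";' . "\n";
    // JS-context encoding; the helper supplies the quotes.
    echo 'var mainConfig = ' . js_param($query, 'config') . ';' . "\n\n";
}
```

In client.php the helper's output already includes the quotes, so the line would be written as var mainConfig = <?= js_param($_GET, 'config') ?>; with no quotes around the PHP tag.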

All times are UTC - 5 hours [ DST ]