MyBB AJAX Chat plug-in 'chat _ frame. php' HTML Injection Vulnerability

Release date:
Updated on:

Affected Systems:
MyBB AJAX Chat 1.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56947

Ajax Chat is an open-source Web Chat software implemented using JavaScript, PHP, and MySQL.

MyBB AJAX Chat plug-in 1.0 and other versions do not validate the Input submitted to the chat_frame.php script through the urldecode function. You can create special requests and execute arbitrary script code in the browser.

<* Source: Mr. P-teo

Link: http://www.osvdb.org/show/osvdb/88466
Http://www.exploit-db.com/exploits/23354/
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

& Quot; & amp; gt; & amp; lt; img src = & quot; XSS & quot; onerror = & quot; alert (document. cookie) & quot;/& amp; gt;

% 22% 3E % 3 Cimg % 20src % 3D % 22XSS % 22% 20 onerror % 3D % 22 alert (document. cookie) % 22% 20% 2F % 3E % 0A

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

MyBB
----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://mods.mybb.com/view/ajax-chat