Release date:
Updated on:
Affected Systems:
MyBB AJAX Chat 1.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56947
Ajax Chat is an open-source Web Chat software implemented using JavaScript, PHP, and MySQL.
MyBB AJAX Chat plug-in 1.0 and other versions do not validate the Input submitted to the chat_frame.php script through the urldecode function. You can create special requests and execute arbitrary script code in the browser.
<* Source: Mr. P-teo
Link: http://www.osvdb.org/show/osvdb/88466
Http://www.exploit-db.com/exploits/23354/
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
& Quot; & amp; gt; & amp; lt; img src = & quot; XSS & quot; onerror = & quot; alert (document. cookie) & quot;/& amp; gt;
% 22% 3E % 3 Cimg % 20src % 3D % 22XSS % 22% 20 onerror % 3D % 22 alert (document. cookie) % 22% 20% 2F % 3E % 0A
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
MyBB
----
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://mods.mybb.com/view/ajax-chat