BlaB! Chat versions below 3.3 suffer from a cross site scripting vulnerability.
6ea4e559dfc70b02c49d5c7a5bc1f9bd687cc5636f346878530eb701384dc4af+==================================================================+
+ BlaB! Chat < 3.3 (XSS) Multiple Remote Vulnerabilities +
+==================================================================+
Author(s): Ivan Sanchez & Maximiliano Soler
Product: BlaB! Chat
Web: http://hot-things.net/
Versions: 3.3 (only).
Date: 16/10/2007
Not Vulnerable: 4.2 (or superior)
GOOGLE DORKS:
------------
[+] inurl:"chat/info.php?reason=link"
[+] intitle:"BlaB!"
EXPLOIT:
--------
For example...after the variable "link"
http://www.[DOMAIN].tld/chat/info.php?reason=link=[XSS]
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+==================================================================+
+ BlaB! Chat < 3.3 (XSS) Multiple Remote Vulnerabilities +
+==================================================================+
--
Maximiliano Soler.
Reports & Review Code.
Null Code Services.
www.nullcode.com.ar
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed