AjaxChat Cross Site Scripting and SQL Injection Vulnerabilities

Bugtraq ID:	50852
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Nov 30 2011 12:00AM
Updated:	Nov 30 2011 12:00AM
Credit:	Eyup CELIK
Vulnerable:	AjaxChat AjaxChat 0
Not Vulnerable:

AjaxChat Cross Site Scripting and SQL Injection Vulnerabilities

AjaxChat is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

AjaxChat Cross Site Scripting and SQL Injection Vulnerabilities

An attacker can exploit these issues through a browser. To exploit a cross-site scripting issue, the attacker must entice an unsuspecting victim to follow a malicious URI.

AjaxChat Cross Site Scripting and SQL Injection Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

AjaxChat Cross Site Scripting and SQL Injection Vulnerabilities

References:

• AjaxChat Homepage (AjaxChat)