Pro Chat Rooms Multiple Security Vulnerabilities
BID:69049
Info
| Bugtraq ID: | 69049 |
| Class: | Input Validation Error |
| CVE: | CVE-2014-5275 CVE-2014-5276 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 05 2014 12:00AM |
| Updated: | Oct 21 2014 06:01PM |
| Credit: | Mike Manzotti |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Pro Chat Rooms is prone to the following security vulnerabilities:
1. Multiple SQL-injection vulnerabilities
2. An HTML-injection vulnerability
3. A cross-site scripting vulnerability
4. An arbitrary-file-upload vulnerability
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials, to upload arbitrary files and execute code, to exploit latent vulnerabilities in the underlying database, or to perform certain unauthorized actions and gain access to the affected application.
Pro Chat Rooms 8.2.0 is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit these issues using a browser. To exploit the cross-site scripting issue, an attacker must entice an unsuspecting user to follow a malicious URI.
The following example URIs are available:
http://www.example.com/prochatrooms/profiles/index.php?id=1&edit=[XSS]
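Because the example URI above is the only concrete indicator the advisory gives, a defender's first question is usually "did anyone send that to us?". The following is an added example (not part of the SecurityFocus advisory, and not code from Pro Chat Rooms) that scans web-server access logs for requests to `profiles/index.php` whose `edit` parameter carries HTML or script markup, and whose `id` parameter is not the integer the application expects. The log lines are constructed samples in Combined Log Format; the path `/prochatrooms/profiles/index.php` is taken from the advisory, while the client addresses, timestamps and payloads are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Combined Log Format). Addresses,
# timestamps and payloads are illustrative, not captured traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Aug/2014:10:01:12 +0000] "GET /prochatrooms/profiles/index.php?id=1&edit=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [05/Aug/2014:10:02:40 +0000] "GET /prochatrooms/profiles/index.php?id=1&edit=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5210 "-" "Mozilla/5.0"
203.0.113.12 - - [05/Aug/2014:10:03:05 +0000] "GET /prochatrooms/profiles/index.php?id=1%27%20OR%20%271%27%3D%271&edit=1 HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
203.0.113.13 - - [05/Aug/2014:10:04:18 +0000] "GET /prochatrooms/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Path named in the advisory; adjust if the application is installed elsewhere.
PROFILE_PATH = "/prochatrooms/profiles/index.php"

# Client IP, timestamp, method, request target and status from one log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Markup that should never appear in a profile "edit" value: a tag opener,
# a javascript: URL, or an inline event-handler attribute.
MARKUP_RE = re.compile(r'<[a-z/!]|javascript:|on[a-z]+\s*=', re.I)

# SQL syntax that has no business in a numeric "id" value.
SQLI_RE = re.compile(r"['\"]|--|/\*|\b(or|and|union|select)\b", re.I)


def classify(param, value):
    """Return a finding kind for one URL-decoded query parameter, or None."""
    if param == "id":
        # A profile id should be a plain integer; anything else containing
        # SQL syntax is a likely injection attempt.
        if not value.isdigit() and SQLI_RE.search(value):
            return "sqli-attempt"
    elif param == "edit":
        if MARKUP_RE.search(value):
            return "xss-attempt"
    return None


def scan_access_log(text):
    """Parse each log line and report suspicious profiles/index.php requests."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a well-formed access-log line
        parts = urlsplit(m.group("target"))
        if parts.path != PROFILE_PATH:
            continue
        # parse_qs percent-decodes values, so encoded payloads are inspected
        # in the form the application would actually see them.
        for param, values in parse_qs(parts.query, keep_blank_values=True).items():
            for value in values:
                kind = classify(param, value)
                if kind:
                    findings.append({
                        "ip": m.group("ip"),
                        "ts": m.group("ts"),
                        "param": param,
                        "value": value,
                        "kind": kind,
                    })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['kind']} {f['param']}={f['value']!r}")
```

The check is deliberately scoped to the two parameters the advisory names rather than to every request, which keeps the false-positive rate low enough to act on; a match on `edit` is a reflected-XSS or HTML-injection probe, a match on `id` is a SQL-injection probe, and a 200 status on either means the application accepted the input, which is the signal to follow up on.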
Solution / Fix
Solution:
Reportedly the issue is fixed; however, Symantec has not confirmed this. Please contact the vendor for more information.
References
References:
- Pro Chat Rooms Homepage (Pro Chat Rooms)