[NT] Adventia Chat Cross Site Scripting

From: SecuriTeam (support_at_securiteam.com)
Date: 03/31/05

  • Next message: SecuriTeam: "[EXPL] Cyrus IMAP IMAPMAGICPLUS Buffer Overflow (Exploit)" 
    To: list@securiteam.com
Date: 31 Mar 2005 10:24:59 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Adventia Chat Cross Site Scripting
    ------------------------------------------------------------------------

    SUMMARY

    " <http://www.adventia.com/> Adventia Chat Server Pro is an ASP program
    that allows you to easily add multiple HTML-only chat rooms to your site,
    transforming your web site or intranet into a dynamic and successful
    online community comprised of customers, users, suppliers or employees."

    Cross Site Scripting vulnerability has been discovered in Adventia Chat,
    the vulnerability allows running malicious code on user's browsers in
    context of affected site.

    DETAILS

    Vulnerable Systems:
     * Adventia Chat version 3.1
     * Adventia Chat Server Pro version 3.0

    Adventia Chat has by default its HTML code embeeding feature enabled, this
    allows all scripts to be inserted in the chat space. This may lead to a
    cross site scripting vulnerability in all the chat users' browsers
    (including cookie theft and session spoofing). As the entered text is of a
    persistent nature an attack can continue even after the attacker has left
    the chat application.

    Proof of Concept:
    Visit http://www.adventia.com/cgi-bin/chatpro/login.asp and enter any
    script text in login field.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:se_cur_ity@hotmail.com>
    Morning Wood.
    This vulnerability was discovered by Donnie Werner of
    <http://exploitlabs.com> exploitlabs

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[EXPL] Cyrus IMAP IMAPMAGICPLUS Buffer Overflow (Exploit)"

    Relevant Pages