[NT] Adventia Chat Cross Site Scripting

• Previous message: SecuriTeam: "[NEWS] E-Data Remote Code Inclusion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: list@securiteam.com
Date: 31 Mar 2005 10:24:59 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -

  Adventia Chat Cross Site Scripting
------------------------------------------------------------------------

SUMMARY

" <http://www.adventia.com/> Adventia Chat Server Pro is an ASP program
that allows you to easily add multiple HTML-only chat rooms to your site,
transforming your web site or intranet into a dynamic and successful
online community comprised of customers, users, suppliers or employees."

Cross Site Scripting vulnerability has been discovered in Adventia Chat,
the vulnerability allows running malicious code on user's browsers in
context of affected site.

DETAILS

Vulnerable Systems:
 * Adventia Chat version 3.1
 * Adventia Chat Server Pro version 3.0

Adventia Chat has by default its HTML code embeeding feature enabled, this
allows all scripts to be inserted in the chat space. This may lead to a
cross site scripting vulnerability in all the chat users' browsers
(including cookie theft and session spoofing). As the entered text is of a
persistent nature an attack can continue even after the attacker has left
the chat application.

Proof of Concept:
Visit http://www.adventia.com/cgi-bin/chatpro/login.asp and enter any
script text in login field.

ADDITIONAL INFORMATION

The information has been provided by <mailto:se_cur_ity@hotmail.com>
Morning Wood.
This vulnerability was discovered by Donnie Werner of
<http://exploitlabs.com> exploitlabs

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

• Previous message: SecuriTeam: "[NEWS] E-Data Remote Code Inclusion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]