phpMyChat style.css.php3 FontName Variable XSS

2005-05-13T00:00:00
ID OSVDB:16770
Type osvdb
Reporter Megasky(magasky@hotmail.com)
Modified 2005-05-13T00:00:00

Description

Vulnerability Description

phpMyChat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'FontName' variable upon submission to the 'style.css.php3' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

phpMyChat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'FontName' variable upon submission to the 'style.css.php3' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/chat/config/style.css.php3?Charset=iso-8859-1&medium=10&FontName=<script>var%20test=1;alert(test);</script>

References:

Vendor URL: http://phpmychat.sourceforge.net/rubrique.php3?id_rubrique=29 Secunia Advisory ID:11894 Related OSVDB ID: 16769 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0180.html ISS X-Force ID: 20591 CVE-2005-1619 Bugtraq ID: 13628