PHP Open Chat 3.0.2 Cross Site Scripting

`PHPOPENCHAT 3.0.2 Xss AND/OR Full Path Disclosure  
  
1.- Preview  
  
This web APP is Vulnerable to xss in its instalation file but you can  
misconfigurate all the  
code with this bug also, you must see to understand...  
  
  
2.- Vulnerable Code  
  
function database_setup(){  
  
  
if( isset($_POST['form_data']) ){  
  
$host = (string) $_POST['DATABASE_HOST'];  
  
$user = (string) $_POST['DATABASE_USER'];  
  
$pass = (string) $_POST['DATABASE_PASSWORD'];  
  
$tabl = (string) $_POST['DATABASE_TABLESPACE'];  
  
$prefix = (string) $_POST['DATABASE_TABLE_PREFIX'];  
  
  
  
  
  
3.- Expl0tation  
First Bug its where you just post data without nothing in security so  
you can put in the  
host textbox on the install.php?step=2 ">  
in which usually  
is written localhost and in other .php files (install.php) they show  
$host so the Xss its  
notable...  
  
  
4.- More Vuln Code...  
  
  
$this->set_conf_property('DATABASE_HOST', $host);  
  
  
you may think theres no problem with this step but...  
if you write the DATABSE_HOST with host being explotated it could  
be...interesting...  
  
  
5.- MORE  
  
define('DATABASE_HOST', 'localhost');  
  
  
This is the execelent example to show you how it can work like a PHP DROP...  
  
just put something like "> in the  
DATABASE_HOST textbox  
  
and excecute, just refresh and...  
  
Path Disclosure...  
  
\openchat\config.inc.php on line 135  
  
6.- Gr33tz:  
  
http://www.seguridadblanca.org - WCuestas - Chelano - Perverths0 -  
SeguridadBlanca READERS  
- Exploit-DB && FRIENDS =)  
  
  
====================  
31337 HAPPY HACKING  
====================  
`