0xjessel / calchat

CalChat is a web app that hosts chatrooms for every class and building on campus with the goal of connecting the cal campus community. By logging in with Facebook, students can talk to fellow students in the same building or class, make friends, find study partners, and stay in the loop.
calchat.net

exposing secret rooms vulnerability #161

Closed 0xjessel closed 12 years ago

0xjessel commented 12 years ago

in chat.js:50, the socket.on('online') function's mapping returns too much sensitive information about all the online users in the room. for example, i can see the private key and title of all their group chats as well as what their special value is and whether they enabled their phone/email for notifications (?).

probably want to patch this up to prevent ppl cough from joining secret rooms.
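
Added example (not CalChat's own code) showing the shape of the bug described above and one way to fix it: the vulnerable roster handler forwards whole user records to every room member, the hardened one serializes only an explicit allow-list of public fields. The record layout (groupChats, privateKey, special, notifications) and the handler names are assumptions modelled on the issue text, not the project's actual schema or API.

```javascript
// Added example, not CalChat's code. Field names are assumptions based on the
// issue text; the user records below are constructed sample data.
const ROOM_USERS = [
  {
    id: 'u1', name: 'Alice', building: 'Unit 2',
    groupChats: [{ title: 'Secret study group', privateKey: 'key-constructed-1' }],
    special: 42,
    notifications: { phone: true, email: false },
  },
  {
    id: 'u2', name: 'Bob', building: 'Unit 2',
    groupChats: [{ title: 'CS61A project', privateKey: 'key-constructed-2' }],
    special: 7,
    notifications: { phone: false, email: true },
  },
];

// Vulnerable: the 'online' payload is the stored record itself, so every
// member of the room receives everyone else's group-chat keys and settings.
function onlinePayloadVulnerable(users) {
  return users.map(u => Object.assign({}, u));
}

// Hardened: an explicit allow-list. Anything not named here never reaches
// the wire, so a new private field added later is private by default.
const PUBLIC_FIELDS = ['id', 'name', 'building'];

function toPublicUser(user) {
  const out = {};
  for (const field of PUBLIC_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(user, field)) out[field] = user[field];
  }
  return out;
}

function onlinePayloadSafe(users) {
  return users.map(toPublicUser);
}

// Check helper a reviewer can run against any payload: does the serialized
// message contain any of the secrets the server holds for these users?
function leaksSecret(payload, secrets) {
  const wire = JSON.stringify(payload);
  return secrets.some(s => wire.includes(s));
}

// All private keys the server knows for the constructed roster.
const KNOWN_KEYS = ROOM_USERS.flatMap(u => u.groupChats.map(g => g.privateKey));
```

Run leaksSecret over both payloads with KNOWN_KEYS: the vulnerable one contains every key, the hardened one contains none.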

0xjessel commented 12 years ago

i didn't get to see what edward w wrote, but did he mention how he managed to impersonate me?