Closed PythEch closed 10 years ago
Registering with a username like `<script>alert('xss');</script>` results in a very good way to exploit XSS.
After that, all you need to do is to login to the chat server. I didn't look further but stealing cookies should be possible (or other nasty things).
It looks like usernames in the People tab are not sanitized.
Screenshots: http://imgur.com/Y2w8hTe,H97p03N,d5IDBli
EDIT: I'm not sure but it looks like I have to change First name and Last name to that string too, else I can't connect to the chat server.
The People tab on the browser as HTML (which makes this attack possible):

```html
<div class="widget" id="widget_widget_0">
  <h5 class="widget-header"> <img src="/assets/people_icon.png">People </h5>
  <div class="widget-content" id="widget_0">
    <ul class="user_list">
      <li class="user" title="<script>alert('xss');</script>">
        <img class="avatar" src="https://secure.gravatar.com/avatar/2ebe455c2f31b6bc9ca152c50b37f4e7?s=25&d=identicon">
        <script>alert('xss');</script>
      </li>
      <li class="user" title="pythech">
        <img class="avatar" src="https://secure.gravatar.com/avatar/f4f01e97f6ef1e98427603193245c36e?s=25&d=identicon">
        pythech
      </li>
    </ul>
  </div>
  <div style="display: none;" class="widget-action-bar"></div>
</div>
```
A big thanks to @Triforce1 for letting me use his own chat server :) I tried whether this was possible after seeing him pentesting his own server. Without him, I was never going to discover this.
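The People-tab `<li>` from the report, rendered the way the issue describes (username concatenated straight into markup) next to a version that escapes it for both the `title` attribute and the text node. This is an added illustration, not code from the issue or from the chat server project; the avatar URL and the `containsInjectedTag` helper are constructed for the example.

```javascript
// Added example (not from the issue or the project): the People-tab <li>
// built two ways. renderUserUnsafe() mirrors the defect the issue reports:
// the username is concatenated into HTML as-is. renderUserSafe() escapes it
// before it reaches the attribute and text contexts. Avatar URL is a placeholder.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Escape the five characters that can change meaning inside HTML text or a
// double-quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: whatever the user typed at registration becomes markup.
function renderUserUnsafe(username, avatarUrl) {
  return `<li class="user" title="${username}">` +
         `<img class="avatar" src="${avatarUrl}"> ${username}</li>`;
}

// Hardened: the username is treated as data in every interpolation.
function renderUserSafe(username, avatarUrl) {
  const safeName = escapeHtml(username);
  return `<li class="user" title="${safeName}">` +
         `<img class="avatar" src="${escapeHtml(avatarUrl)}"> ${safeName}</li>`;
}

// Regression check for a unit test (constructed helper): after removing the
// <li> and <img> tags the template itself emits, is any other tag left?
function containsInjectedTag(html) {
  const stripped = html.replace(/<\/?(li|img)\b[^>]*>/g, '');
  return /<[a-zA-Z!/]/.test(stripped);
}

const AVATAR = 'https://example.invalid/avatar.png';  // constructed placeholder
const PAYLOAD = "<script>alert('xss');</script>";     // the username from the report

console.log(renderUserUnsafe(PAYLOAD, AVATAR));
console.log(renderUserSafe(PAYLOAD, AVATAR));
console.log(containsInjectedTag(renderUserUnsafe(PAYLOAD, AVATAR))); // true
console.log(containsInjectedTag(renderUserSafe(PAYLOAD, AVATAR)));   // false
```

The same escaping has to happen wherever the username is interpolated (attribute and text here), since escaping only one of the two contexts leaves the other injectable.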
Lol. I saw you overflowed my chat server with XSS after I was doing a little pentesting :D.