An online chat room that lets users chat with each other.
Affected files:
fastchat.php
fastshow.php
The nickname input form doesn't sanitize user input before adding it to
the database. This in turn can cause SQL query errors such as:
UPDATE cp_users SET lastaction=NOW() WHERE nick='<BODY
BACKGROUND="javascript:alert('XSS')">'
You have an error in your SQL syntax. Check the manual that corresponds to
your MySQL server version for the right syntax to use near 'XSS')">'' at
line 3
XSS vulnerability by submitting malicious text in the chatbox:
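Added example (not code from the advisory or from the chat application): the failing query from above rebuilt with string concatenation, next to a bound-parameter version and output encoding for display. The table and column names come from the quoted query; the schema, the in-memory SQLite database standing in for MySQL, and the function names are assumptions.

```php
<?php
declare(strict_types=1);

// In-memory SQLite stands in for the MySQL server (assumption); the table and
// column names are taken from the failing query quoted in the advisory.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cp_users (nick TEXT PRIMARY KEY, lastaction TEXT)');

// Nickname from the advisory: contains single quotes and HTML markup.
$nick = '<BODY BACKGROUND="javascript:alert(\'XSS\')">';

// Before: the nickname is concatenated into the statement, so its quotes end
// the string literal early and the database reports a syntax error.
function touchUserUnsafe(PDO $db, string $nick): bool
{
    try {
        $db->exec("UPDATE cp_users SET lastaction=CURRENT_TIMESTAMP WHERE nick='$nick'");
        return true;
    } catch (PDOException $e) {
        return false; // syntax error caused by the embedded quote
    }
}

// After: the nickname travels as a bound parameter, never as SQL text.
function touchUser(PDO $db, string $nick): int
{
    $stmt = $db->prepare('UPDATE cp_users SET lastaction=CURRENT_TIMESTAMP WHERE nick = :nick');
    $stmt->execute([':nick' => $nick]);
    return $stmt->rowCount(); // number of rows updated
}

// Output side: encode at render time so stored markup is displayed as text.
function renderNick(string $nick): string
{
    return htmlspecialchars($nick, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Register the nickname with a bound parameter, then exercise both paths.
$ins = $db->prepare('INSERT INTO cp_users (nick) VALUES (:nick)');
$ins->execute([':nick' => $nick]);

var_dump(touchUserUnsafe($db, $nick)); // concatenated query
var_dump(touchUser($db, $nick));       // parameterized query
echo renderNick($nick), PHP_EOL;       // HTML-encoded nickname
```

Binding the parameter fixes the query error and the injection path; encoding on output is what stops stored nicknames and chat messages from being interpreted as markup by other users' browsers.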
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32-bit and 64-bit contains a possibly exploitable buffer overflow corrupting kernel memory.