duminică, 28 august 2011

Velaro Live Chat HTML Injection

# Exploit Title: Velaro Live Chat Software Cross Site Scripting
# Date: 29.08.2011
# Author: Sony
# Software Link: http://www.velaro.com/features/live-chat
# Version: all version
# POC: http://st2tea.blogspot.com/2011/08/velaro-live-chat-software-cross-site.html

..................................................................

This is Html Code Injection in the Velaro Live Chat Software:

http://www.velaro.com/Portals/0/prechat-choose.html

Put our code in the chat:



or

< iframe src="http://st2tea.blogspot.com/" >

Some pics:


3 comentarii:

Rekoyan spunea...

I suggest Chatwing for this, Chatwing is cool, try to check this out, www.chatwing.com. Come visit the Filipino Chat Community www.chat.ph it is the live chat community for the Philipines.

CS spunea...

This hack no longer works. Please remove this post.

Sony spunea...

Fixed? I don't want remove this, because it's interesting and must be in the history..

Trimiteți un comentariu

Rețineți: Numai membrii acestui blog pot posta comentarii.