st2tea: Velaro Live Chat HTML Injection

duminică, 28 august 2011

Velaro Live Chat HTML Injection

# Exploit Title: Velaro Live Chat Software Cross Site Scripting
# Date: 29.08.2011
# Author: Sony
# Software Link: http://www.velaro.com/features/live-chat
# Version: all version
# POC: http://st2tea.blogspot.com/2011/08/velaro-live-chat-software-cross-site.html

..................................................................

This is Html Code Injection in the Velaro Live Chat Software:

http://www.velaro.com/Portals/0/prechat-choose.html

Put our code in the chat:

or

< iframe src="http://st2tea.blogspot.com/" >

Some pics:

3 comentarii:

Anonim spunea...: I suggest Chatwing for this, Chatwing is cool, try to check this out, www.chatwing.com. Come visit the Filipino Chat Community www.chat.ph it is the live chat community for the Philipines.; 7 septembrie 2011 la 22:33
CS spunea...: This hack no longer works. Please remove this post.; 27 octombrie 2011 la 09:07
Sony spunea...: Fixed? I don't want remove this, because it's interesting and must be in the history..; 28 octombrie 2011 la 01:00

Trimiteți un comentariu

Rețineți: Numai membrii acestui blog pot posta comentarii.

st2tea

duminică, 28 august 2011

Velaro Live Chat HTML Injection

3 comentarii:

Trimiteți un comentariu

Labels

Blog Archive

Links

Pages

About Me