AJAX Chat - Open Source Web Chat / Patches / #8 XSS security vulnerability fix

#8 XSS security vulnerability fix

Status: closed

Owner: Philip Nicolcev

Labels: None

Priority: 5

Updated: 2012-10-25

Created: 2012-06-17

Creator: Glaurungo

Private: No

Chat doesn't check if the logout request is POST request.
It can be abused by third party users, who can - for example - insert malicious image BBcode into their chat messages. Sending something like that: [img]example.pl/chat/?logout=true[/img] will logout all users or spam window with fast increasing number of logout&login messages.

It can be fixed by changing file "/lib/class/AjaxChat.php" -> line:
$this->_requestVars['logout'] = isset($_REQUEST['login']) ? true : false;
To:
$this->_requestVars['logout'] = isset($_POST['logout']) ? true : false;

Discussion

Glaurungo - 2012-06-17

File from 0.8.5a with fix applied

AJAXChat.php

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Philip Nicolcev - 2012-09-20

Good find.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Philip Nicolcev - 2012-09-20

assigned_to: nobody --> frug
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Philip Nicolcev - 2012-10-25

Fixed in upcoming 0.8.6. Thanks!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Philip Nicolcev - 2012-10-25

status: open --> closed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

XSS security vulnerability fix

Fully customizable web chat created using AJAX.

Group

Searches

Help

#8 XSS security vulnerability fix

Discussion