Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21196
HistoryJan 20, 2009 - 12:00 a.m.

53KF Web IM 2009 Cross-Site Scripting Vulnerabilities

2009-01-2000:00:00
vulners.com
20
JSON

Application: 53KF Web IM
Vendor: www.53kf.com
Corporation: LiuDu, Inc.
Version: Latest: (19 JAN 2009) - Home Edition, Enterprise & Professional
Description: 53KF Web IM 2009 Cross-Site Scripting Vulnerabilities

Background:

53KF is a web-based group chat tool that lets invite a client,
colleague, or vendor to chat, and collaborate.More than 220,000
websites in the use of 53KF.

Vulnerability:

They do not properly sanitize the potentially malicious input content
to be rendered and, as a result, an attacker might provide malicious
HTML content as part of an IM message. There is a client-side only
input validation.

Exploit:

156function sendmsg() {
157 try{textCounter(document.getElementById("input1"),1000)}catch(e){}
158 msg=document.getElementById("input1").value;
159 if (msg.trim()=="") {
160 return;
161 }
162 msg=UBBEncode(msg);
163 document.getElementById("input1").value="";
164 display_msg("<font color=\"#666666\">"+infos[13]+":
"+getTime2()+"</font><br>&nbsp;&nbsp;"+UBBCode(msg.trim()));
165 try{msg=msgFilter(msg);}catch(e){}
166 if(usezzdy=="1"){
167 var rmsg=sendtext(msg);
168 display_msg("<font
color=\"#666666\">"+infos[57]+":</font><br>&nbsp;&nbsp;<font
color=\"#0000CE\">"+rmsg+"</font>");
169 }else{
170 if (typeof(rec_stat)!="undefined" && rec_stat==1){
171 push_info("post","REC",mytempid,"11",UBBCode(msg.trim()),getTime());
172 display_msg("<font
color=\"#666666\">"+infos[29]+":</font><br>&nbsp;&nbsp;<font
color=\"#0000CE\">"+UBBCode(UBBEncode(lword_prompt))+"</font>");
173 }
174 else{
175 qstmsg(UBBCode(msg.trim()));
176 }
177 }
178 if (talk_fee_type==1)
179 {
180 talk_fee_type=0;
181 url="http://www.53kf.cn/v5_talk.php?talk_fee_type=1&amp;arg=&quot;+arg+&quot;&amp;style=&quot;+style;
182 rpc(url);
183 }
184
185 if(istalktype==1)
186 {
187 istalktype=0;
188 url="http://www.53kf.cn/istalk.php?companyid=&quot;+company_id+&quot;&amp;istalk=1&quot;;
189 rpc(url);
190 }
191}

SET BREAKPOINT(firebug, etc) AT 164TH LINE, AND SET NEW VALUE:
msg = "<iframe width=800 height=600 src='httP://WWW.g.cn'></iframe>"

=========================
xisigr[topsec]
[email protected]

NAME:xushaopei(xsp)
ORG:Heart[T.P.S][F.S.T][J.I.C]
QQ:9634989
EMAIL:[email protected]
BLOG:http://www.hackheart.com

JSON