Directory Traversal And XSS Vulnerability In Pro Chat Rooms

Summary
This host is running Pro Chat Rooms and is prone to directory traversal and cross-site scripting (XSS) vulnerabilities.
Impact
Successful exploitation could result in directory traversal, cross-site scripting or cross-site request forgery attacks by executing arbitrary HTML and script code in the context of the affected application.
Impact Level: Application
Solution
Upgrade to Pro Chat Rooms version 6.0 or later. For updates refer to http://www.prochatrooms.com
Insight
- An error in the profiles/index.php and profiles/admin.php files allows remote attackers to inject arbitrary web script or HTML via the 'gud' parameter.
- An error in the sendData.php file allows remote authenticated users to select an arbitrary local PHP script as an avatar via '..' (dot dot) sequences in the 'avatar' parameter.
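The two input classes above (a file name taken from the 'avatar' parameter and a value such as 'gud' echoed into a page) are what the fix in 6.0 has to address. The following is an added example of the hardened pattern, not Pro Chat Rooms code: the avatar directory, the allowlisted extensions and the function names are assumptions for illustration.

```php
<?php
// Added example (not Pro Chat Rooms code). AVATAR_DIR, AVATAR_EXT and the
// function names are assumptions chosen for illustration.
declare(strict_types=1);

const AVATAR_DIR = __DIR__ . '/avatars';          // assumed storage directory
const AVATAR_EXT = ['png', 'jpg', 'jpeg', 'gif']; // allowlisted image types

/**
 * Resolve a user-supplied avatar name to a file inside AVATAR_DIR.
 * Returns the absolute path, or null when the value is rejected.
 * The parameter is never spliced into a path as given: it must be a bare
 * name with an allowlisted image extension, and the resolved path must
 * still sit under AVATAR_DIR after realpath() has normalised it.
 */
function resolveAvatar(string $avatar): ?string
{
    // Bare file name only: no directory separators, no '..' or dot-files.
    if ($avatar === '' || $avatar !== basename($avatar) || $avatar[0] === '.') {
        return null;
    }
    // Reject anything that is not an image before touching the filesystem,
    // so a '.php' name can never be selected as an avatar.
    $ext = strtolower(pathinfo($avatar, PATHINFO_EXTENSION));
    if (!in_array($ext, AVATAR_EXT, true)) {
        return null;
    }
    $base = realpath(AVATAR_DIR);
    $path = realpath(AVATAR_DIR . '/' . $avatar);
    if ($base === false || $path === false) {
        return null; // directory missing or file does not exist
    }
    // Containment check: covers symlinks and any residual normalisation.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

/**
 * Encode a value such as the 'gud' parameter before it is echoed into HTML,
 * so injected markup is rendered as text rather than interpreted.
 */
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs; both avatar values are rejected without any file access.
var_dump(resolveAvatar('../../profiles/admin.php'));
var_dump(resolveAvatar('avatar.php'));
echo escapeForHtml('"><b>constructed</b>'), "\n";
```

Only a name that survives all three checks (bare name, image extension, path still under the avatar directory) is ever handed to the filesystem.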
Affected
Pro Chat Rooms version 3.0.3 and prior on all platforms.
References

Updated on 2017-03-28