Page 1 of 1

Volunerability: XSS/code ingection with frei-chat 2.0

Posted: Fri Jul 23, 2010 8:12 pm
by nag_sunny
Install the component from Google code (frei-chat2.0)
Login using two different Joomla accounts
Now the module shows one user to other
Enter the below text in one window

Code: Select all

<script>alert('hello')</script>
Now the alert will be displayed infinitely. You can execute any arbitrary JavaScript on other users machine.

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Posted: Fri Jul 23, 2010 9:27 pm
by mandville
if this is http://extensions.joomla.org/extensions ... tion/13106 then the latest version is 2.1 (last update on Jul 12, 2010)

have you informed the developer?
is this a self found exploit or copied from somewhere. if needs be, send me the original exploit url by PM

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Posted: Sun Jul 25, 2010 5:34 am
by nag_sunny
This I found with the latest version (downloaded day before). It is tested by me and not found anywhere else.

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Posted: Sun Jul 25, 2010 7:21 am
by evnix
I am the author of FreiChat,

I have now fixed the vulnerability.
You can download the latest version here
http://code.google.com/p/frei-chat/downloads/list

Thankyou for informing me about the vulnerability.

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Posted: Sun Jul 25, 2010 5:08 pm
by mandville
thanks both. added to VEL and marked as resolved.
Evnix, can we have the latest secure version number please

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Posted: Tue Jul 27, 2010 10:56 am
by evnix
can we have the latest secure version number please
The secure version number and the latest version that is available for now

2.1.2 for FreiChat [Those having CB installed]

AND

1.2.2 for FreiChatPure [Extension Independent]

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Posted: Mon Aug 09, 2010 7:13 pm
by comso
There still seems to be a intermittent issue when submitting in the chat area in Frei Chat Pure v1.2.2

After hitting enter in the text area, there is a carrige return executed instead of a submit.

I have tested with 5 users, 4 failed(carrige return ) instead of submit.

Joomla ver: Joomla! 1.5.15 Stable
PHP Version: 5.2.13
MySQL: 5.0.51a
json version: 1.2.1

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Posted: Mon Aug 09, 2010 9:14 pm
by mandville
comso wrote:Joomla ver: Joomla! 1.5.15 Stable
that is more worrying than an extension issue to most people

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Posted: Mon Aug 09, 2010 9:54 pm
by brian
@comso thats a bug not a security issue isnt it? I suggest that you take up bug issues with the extension provider and dont hijaak unrelated forum posts

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Posted: Tue Aug 10, 2010 1:54 pm
by comso
Thank you