vendor:
kingchat chat-box plugin
by:
VipVince
8,8
CVSS
HIGH
Persistent XSS
79
CWE
Product Name: kingchat chat-box plugin
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2012
MyBB ‘kingchat’ chat-box plugin.
Using the dork inurl:/kingchat.php? you will see multiple forums running this chat plugin. Registration on the forums is required for persistent XSS to work. Now click a random forum with this plugin installed and you will see this: http://vulnforum.com/kingchat.php?notic. Remove 'notic' at the end of the URL and add 'chat=2&1=2' to our query so it becomes: http://server/kingchat.php?chat=2&l=2. You will see the vulnerable chat box. Submit your XSS for instance <script>alert('vipvince')</script>. Now to see our saved JavaScript alert go to: http://server/kingchat.php?chat=2&l=2&message=. Your persistant XSS will be stored here.
Mitigation:
Disable the plugin or upgrade to the latest version.
