Skip to content

ari034/CVE-2020-9758

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 

Repository files navigation

CVE-2020-9758

[Description] An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters.


[Additional Information] The leakage of credentials through the URI may be the result of the autologin feature. Also more parameters in the chat.php form may be vulnerable.


[Vulnerability Type] Cross Site Scripting (XSS)


[Vendor of Product] Livezilla


[Affected Product Code Base] Livechat Helpdesk - 8.0.1.3


[Affected Component] Input URL : https://livechat.example.com/chat.php Vulnerable Parameter : name Affected URL : https://livechat.example.com/mobile/chat?lgn=base64_encoded(username)&psswrd=base64_encoded(password)


[Attack Type] Remote


[Impact Escalation of Privileges] true


[Impact Information Disclosure] true


[Attack Vectors] Blind Unauthenticated Stored XSS


[Reference] https://www.livezilla.net


[Discoverer] Arihant Singh

About

Form submission for vulnerability in livezilla

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published