Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Chat Embeds -- How Evil Are They???

From: Gage Bystrom <themadichib0d () gmail com>
Date: Thu, 2 Feb 2012 02:51:20 -0800
This seemed amusing at first, right up until you 'take over' the chatroom
by clicking make owner from a staff name >.< ill give you the benefit of
the doubt that the example could have just been exectuted badly....
On Feb 2, 2012 1:04 AM, "Stefan Jon Silverman" <sjs () sjsinc com> wrote:


 Folks:

    An interesting subject that I have never seen discussed here but one I
want to put on the table....

    Apparently Xat (as a chat embed) has so many holes in it that a brick
of Swiss cheese would be jealous..a room I have there on one of my websites
ended up w/ Superman sheets wallpaper when I clicked on a chatters "house"
icon from my room owners account and also managed to change my management
password denying me access to those capabilities until I reset (my cookie
functions from w/in chat box remained active)...

    There is a cute vid demonstrating how to take over a chat room at -->
http://www.youtube.com/watch?v=wHcRLolT7Z8

    I have also found similar ills in other chat embeds like Chatango,
etc....

    Talk among yourselves now....
 --


 Regards,
Stefan

**************************************************************************
             *Stefan Jon Silverman*<http://www.sjsinc.com/cgi-bin/DoRedirect?sig-google>- Founder / President
                          SJS Associates, N.A., Inc.
                   A Technology Strategy Consultancy
**************************************************************************
Cell  *917 929 1668*                               *sjs () sjsinc com*<sjs () sjsinc com>
eMail
                              *www.sjsinc.com*<http://www.sjsinc.com/?%20eMail%20Sig>
**************************************************************************
Aim: *LazloInSF*          Msn: *LazloInSF*              Yahoo: *sjs_sf*
**************************************************************************
              Weebles wobble but they don't fall down!!!!
**************************************************************************


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: