ElfChat version 5.1.2 Pro suffers from a cross site scripting vulnerability.
5dbc0c25c91ac9c248972741c037874ae862593c456258d1c27f34c121b8cf11
+---------------------------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title : Elfet - ElfChat 5.1.2 Pro XSS [ x-x Cross Site Scripting] Vulnerable
# Date : 2012-07-05
# Author : Avatar Fearless
# Software link : http://community.elfchat.net/files/download/4-elfchat-5-demo/
# Official Site : http://elfchat.net/
# Version : 5.1.2 Pro
# Tested on : Windows 7 Ultimate x32
# Original Advisory : http://thefear.in/elfchatvuln.txt || http://pastebin.com/0XCdGHzn
# Contact : avatar@hiphopfan.com || avatar_legends@live.com/@mail.ru
# Web Sites : http://anti-armenia.org/ || http://millikuvvetler.net/ || http://mexfi.org/
# Greet`Z To : S3N4N
+---------------------------------------------------------------------------------------------------------------------------------------------------+
[+] Vulnerable :
http://site.tld/elfchat/signup.php
[-] Exploit :
It Takes JavaScript (ex. : <script>alert(1);</script>)
[?] About :
For More Info Contact me.
[@]
Respect To :
All My Bro*S
AA Team
MF Team
MKT Team
[#]
Special Thank`Z To : S3N4N , MaXToN
+---------------------------------------------------------------------------------------------------------------------------------------------------