
iGuano

Members
  • Posts: 27
  • Joined
  • Last visited

Posts posted by iGuano

  1. Admins won't spend time on anything that's not making them money, hence the 1000 xat administration fee.

     

    It would take all of 20 minutes to completely implement and test a "change e-mail feature", and it's a disgrace that it isn't an option.

     

    This is just another example of xat lacking the most basic of features, and this is why xat has been declining over the past couple of years.

     

    Volunteers do a surprisingly good job considering the poor quality and lack of tools given to them.

  2. Sorry for the late update, I've been quite busy.

     

    The generator has been made more intuitive, it should be easier to use now.

     

    I have also added the new extra options for xat chats, and added some additional options for youtube.

  3. It seems xat is forcing crossdomain.xml to be requested over HTTP, via the chat.swf client.

     

    You will have to stop using SSL for the time being or wait until xat pushes a fix, if you want to avoid this error.

     

    Note:

    Your site isn't any less safe due to xat requesting crossdomain.xml via HTTP (the request is actually being blocked).

    It just means some functionality may stop working (whatever the requested links are being used for).

     

  4. 19 minutes ago, Lamingtons said:

    Nope, your URL is returning BlockedDomain. As I said it was fixed already,

    [screenshot]

    Maybe it's your cache.

     

    It was working at the time of writing; your latest patch must have fixed it.  Good job.

     

    On another note, password reset tokens don't expire after use; you should fix that.

  5. 10 hours ago, Lamingtons said:

    Ok, thank you again. We're working on it; it will be fixed.

     

    I've had a look at your second fix.

    This time it seems you now block all mime types except "audio/mpeg".  However, the IP leakage issue is still present.

     

    You would have to actually proxy the stream through your server to avoid this issue, maybe it is a risk xat is willing to take.

     

    I created another quick PoC; I'll post it below:

     

    index.php

    <?php
    // PoC: answer with the one MIME type the filter allows; the request itself is what lands in the server log.
    header('Content-Type: audio/mpeg');
    ?>

     

    Now that I've bypassed the mime type blocking, I can still log IP addresses.

     

    Server log

    [leaked victim ip] - - [04/Mar/2017] "GET /;stream.mp3 HTTP/1.1" 200 15 "http://chatsgroup.com/web_gear/chat/media.php?d=[snip]&p=0&id=[snip]" "Mozilla/5.0 [snip]

     

    You can make use of the proxy_pass feature in Nginx to achieve this.  

    • Award 1
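The proxy_pass approach the post above points at, written out as an added example (this is not iGuano's code and not xatRadio's configuration): the listener's browser only ever connects to our own server, which fetches the audio from one fixed, operator-controlled upstream. The hostnames, paths and certificate locations are assumptions.

```nginx
# Added example, not part of the original post or of xatRadio: an Nginx
# server block that proxies the audio stream so listeners never connect to
# the third-party host directly. Hostnames, paths and the certificate
# locations below are assumptions.
server {
    listen 443 ssl;
    server_name radio.example.com;                    # assumed public host
    ssl_certificate     /etc/nginx/tls/fullchain.pem; # assumed paths
    ssl_certificate_key /etc/nginx/tls/privkey.pem;

    location = /stream.mp3 {
        # Fixed, operator-controlled upstream. The target is NOT taken from a
        # request parameter, so a user-supplied host can never be reached.
        proxy_pass https://upstream-radio.example.net/live.mp3;
        proxy_http_version 1.1;
        proxy_ssl_server_name on;

        # Stream as it arrives instead of buffering whole responses.
        proxy_buffering off;

        # Nothing identifying the listener is sent upstream: the upstream
        # sees this server's address and an empty Referer, so a log line like
        # the one in the post above would show our IP, not the listener's.
        proxy_set_header Host upstream-radio.example.net;
        proxy_set_header Referer "";
        proxy_set_header Cookie "";
        proxy_set_header X-Forwarded-For "";
        proxy_set_header X-Real-IP "";

        # If the upstream answers with a redirect, do not hand that 3xx to
        # the browser (it would follow it and connect directly to whatever
        # host the redirect names); turn it into a plain error instead.
        proxy_intercept_errors on;
        error_page 301 302 303 307 308 =502 @unavailable;
    }

    location @unavailable {
        default_type text/plain;
        return 502 "stream unavailable\n";
    }
}
```

Two points worth noting. First, because the upstream is fixed in the config rather than read from a query parameter, the Content-Type check discussed in the thread is no longer doing any security work: a remote host can no longer choose what it serves to the listener's browser, only to our proxy. Second, the redirect interception matters for the same reason: a 3xx passed through to the browser would re-open the direct connection to a third-party host that the proxy was introduced to prevent.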
  6. 22 minutes ago, Lamingtons said:

    Thank you for the report. It was fixed. If you have future issues with xatRadio, try to contact us via http://xatproject.com/support/.

     

    Good job.  Thanks, I'll report xatradio.com-specific vulnerabilities there from now on.

    26 minutes ago, Lamingtons said:

    Thank you for the report. It was fixed. If you have future issues with xatRadio, try to contact us via http://xatproject.com/support/.

     

    On second-glance, it appears you have published an incomplete fix.

    I notice you now no longer allow a path (/x.png) in the 'ip' parameter; however, if I simply put the domain itself without the path, it still works.

     

    In this case, all I would have to do is have my domain automatically redirect to the png file and it would still work.

    This is still fully exploitable.

    • Award 1
  7. 7 minutes ago, server89 said:

    again offline website and all player .swf not seen on xat

     

    http://prntscr.com/efsb3i

     

    check

     

    cache not working

     

    http://prntscr.com/efscab

     

    see

     

     

    I assume they are working on fixing the vulnerability, not sure why they would have to disable the whole site.

     

    The error "500 Internal Server Error" suggests there is an error in the coding, probably a typo.  I'd say it will be back up shortly.
