Jump to content
  • 0
Griftlands

<Meta> redirect

Question

I am reporting a Meta code that works to redirect part or all of a xat chat. this can be use to redirect whole chat to a totally different or nonxat page or just redirect the iframe of a xat chat. seems like it is blocked for xat profiles but still works for xat chats below i included example but please do not delete the chats as they are just example and i will remove the code once this issue has been fixed. i also included the article where i learned about this and how to do it. This can be abused if users redirect certain websites or bypass xat filter. this also can be abused if user get their domain trusted and they redirect their page. i don't think adding any website or redirect to chats is ok even if its just the iframe (bottom of chat). this is why i wish to report this. 

 

Article: http://eddsn.com/2013/09/put-a-redirect-on-a-xat-chat-page

 

One way of putting a redirect on an HTML page is by using the usual meta refresh method. However, I found out that the filter currently replaces http-equiv=”refresh” to http-equiv=”fresh”, which obviously breaks the redirect parameter value. However, the filter just replaces “re” with an empty string, which can be trivially bypassed. You just have to use http-equiv=”rerefresh”, which finally replaces it to http-equiv=”refresh”. this can be dangerous and should be removed. below is example but i will remove once fixed.

 

instead of 

<meta http-equiv="refresh" content="0; url=http://xat.com">

 

use

<meta http-equiv="rerefresh" content="0; url=http://xat.com">

 

Because Xat has limitations which websites is allowed this is not a major issue but people can have their website trusted and they can redirect their chat or profile.  on chats people can redirect their bottom of their chats to any website using this. unless they put the iframe on top and use it as their main chat background. on profiles this is blocked but still works on chats. this can either redirect the bottom of chats to whatever website they want or redirect the whole chat to another website. which can be dangerous.

 

fix: (remove/block the following tags)

 

meta (best option removes all)

equiv or http-equiv

refresh or rerefresh

content

 

These replacements are in general a bad way of securing a website and should be avoided. As shown above, the current filter the xat developers are applying is useless and is trivially bypassed. I found also other and more advanced ways to accomplish this, but this should in essence do the trick (works on Internet Explorer, Firefox and Chrome). Note that in the future, the xat developers might decide to change the filter by which this small trick will not work anymore. You should also check the xat rules before applying any of this. (again the example below are not mean to break Xat's TOS but to show examples of what you can do with this especially if you find a loophole or get domain approved).

 

example:

 

-chat: http://xat.com/rankpool (whole page redirect example)      

 

1. code:  http://prntscr.com/emx6cs

2. example: http://prnt.sc/emx7g0

 

preview: http://xat.com/web_gear/chat/direct.php?d=RankPool&t=1490149147

 

 

-chat: http://xat.com/banpool (iframe redirect)

 

1. code: http://prnt.sc/emx8k6

2. example: http://prntscr.com/emx8wt

 

preview: http://xat.com/web_gear/chat/direct.php?d=BanPool&t=1490149332

Share this post


Link to post
Share on other sites

1 answer to this question

Recommended Posts

Guest
This topic is now closed to further replies.

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.