+==================================================================+
+      BlaB! Chat < 3.3 (XSS) Multiple Remote Vulnerabilities      +
+==================================================================+


Author(s): Ivan Sanchez &  Maximiliano Soler

Product: BlaB! Chat

Web: http://hot-things.net/

Versions: 3.3 (only).

Date: 16/10/2007

Not Vulnerable: 4.2 (or superior)



GOOGLE DORKS:
------------
[+] inurl:"chat/info.php?reason=link"
[+] intitle:"BlaB!"


EXPLOIT:
--------

For example...after the variable "link"

http://www.[DOMAIN].tld/chat/info.php?reason=link=[XSS]



NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+==================================================================+
+      BlaB! Chat < 3.3 (XSS) Multiple Remote Vulnerabilities      +
+==================================================================+

-- 
     Maximiliano Soler.
  Reports & Review Code.

    Null Code Services.
    www.nullcode.com.ar

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.