Title: 123 Flash Chat Remote Code Injection Weakness
Severity: HIGH
Description:
123 Flash Chat includes a chat server implemented in Java and a chat client implemented in Flash.
123 Flash Chat is prone to an arbitrary code injection weakness. This issue results from insufficient sanitization of user-supplied data.
Specifically, the issue arises in the 'openOneAVWindow' function. This function accepts a username supplied by a user and insecurely uses the value in a call to the Flash 'eval()' function. An attacker can influence the value of the username variable by using a ';' character to inject code. This can facilitate various attacks, such as changing the call to 'eval()' to gain administrative privileges by supplying a username of 'x;user.name= a;user.name=ADMIN_AVATAR_NAME;'. The 'ADMIN_AVATAR_NAME' value is a constant that represents 'admin'; the constant is used because quotes cannot be used in a username.
Successful exploitation may allow attackers to take complete control of the application and potentially carry out other attacks against the vulnerable server hosting the client, including remote unauthorized access.
Exploitation of this weakness likely depends on the existence of other content injection issues in the site hosting the application. An attacker would exploit other input validation vulnerabilities such as HTML injection or cross-site scripting to supply the malicious value for the username variable.
123 Flash Chat 5.1 and prior versions are affected by this issue.
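The weakness class described above, modelled in JavaScript as an added illustration (this is not 123 Flash Chat's code, and the function, field and constant names are assumed): an eval()-based handler that splices the username into source text, beside a hardened version that never evaluates the value and rejects usernames outside a conservative allow-list.

```javascript
// Added illustration of the advisory's weakness class. The handler names,
// the 'user' object and the value of ADMIN_AVATAR_NAME are assumed here.

// Constant the advisory says the client defines; its value is assumed.
const ADMIN_AVATAR_NAME = "admin";

// Vulnerable pattern: the username is concatenated into source text and
// evaluated, so the value is treated as code. A bare identifier resolves to
// a program variable, and a ';' ends the statement and starts another.
function openOneAVWindowUnsafe(user, username) {
  // eslint-disable-next-line no-eval
  eval("user.name=" + username); // data is executed as code
  return user;
}

// Allow-list for usernames: letters, digits and underscore only, so ';',
// quotes, dots, whitespace and other statement characters are refused.
const USERNAME_RE = /^[A-Za-z0-9_]{1,32}$/;

function isValidUsername(username) {
  return typeof username === "string" && USERNAME_RE.test(username);
}

// Hardened pattern: validate against the allow-list, refuse the reserved
// admin name, and assign the value as data without any call to eval().
function openOneAVWindowSafe(user, username) {
  if (!isValidUsername(username)) {
    throw new Error("rejected username: invalid characters");
  }
  if (username.toLowerCase() === ADMIN_AVATAR_NAME) {
    throw new Error("rejected username: reserved name");
  }
  user.name = username; // plain property assignment, nothing is evaluated
  return user;
}
```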
Affected Products:
- TopCMM Computing 123 Flash Chat Server 5.0.0
- TopCMM Computing 123 Flash Chat Server 5.1.0
References:
- TopCMM Computing: 123 Flash Chat Homepage
- TopCMM Computing: 123 flash chat server software 5.1_2 released!
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.