If you want to download please click Flashchat 6.0.8 and PHP-FUSION v7.01.04 . I like better older version new versions had too many bugs.
Create a PHP document in the folder “./chat/inc/cmses/” the PHP document must be called “fusion7CMS.php”. hi, yes your version is not compatible with the script anymore, the way they authenticate users has changed, I have only checked the code very fast and there is some changes no more md5 hashes are used which older versions were using, and as of now I have no much time left to download and test the new versions…
A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser.
The code will originate from the site running the Az DGDating Lite software and will run in the security context of that site. l=&id=00001<script>alert(document.cookie);</script> Greetings: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Greets to torufoorum members and to all bugtraq readers in Estonia!
Features:- multilanguage,- 35 registering fields,- 3 photos, quick/simple search,- feedback with webmaster, who is online, statistics,- very customizable (Can add new genders (man, woman, couple),- categories (seeking for and more),- securely working on sessions (temporary cookies) and more...
Description: An input validation vulnerability was reported in Az DGDating Lite.
Works with most PHP/My SQL forums and portals, or as a stand-alone chatroom.
Can be used in a live-support configuration, as a registered users only chat, or as a free-for-all chat.
It is reported that the 'language' variable is affected. l=en"<script>alert(document.cookie);</script> It is also reported that the 'id' parameter in 'view.php' is affected. l=&id=00001<script>alert(document.cookie);</script> Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Az DGDating Lite software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Directory traversal vulnerability in php in Az DGDating Lite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and " " (trailing null byte) characters in the l parameter, which is used in an include_once statement.
Az DGDating Lite is a Free dating script working on PHP and My SQL.
To download a script, you have first visit author site and download it from there.
You can also submit a script for free listing in our site.
Cross-site scripting (XSS) vulnerability in Az DGDating Lite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to or (2) id parameter to