Help Center Live Community

Development => Bug Discussions => Topic started by: rsd on January 21, 2010, 01:52:48 PM



Title: chatid hijacking
Post by: rsd on January 21, 2010, 01:52:48 PM
This seems to be a potential security issue, but I need to check further.

chatid is the id from the traffic table, which is created in $live->newvisitor().

However, $live->chatid() accepts it from a cookie, if it is not in the session:
Code:
if (isset($_COOKIE['hcl_chatid']) && !isset($_SESSION['hcl_chatid']))
    $_SESSION['hcl_chatid'] = $_COOKIE['hcl_chatid'];

So an attacker can try to guess a chatid from another user.

I am not sure yet to which extension this can be a problem, but I would like to hear from someone who knows better.
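
An added example, not part of the original post and not Help Center Live code: one way to keep the cookie fallback quoted above while only accepting chatid values the server itself issued, by attaching an HMAC tag to the cookie. The function names and key handling are hypothetical, and it assumes chatid is the integer row id from the traffic table.

```php
<?php
// Added example, not Help Center Live code; all function names are hypothetical.

// Server-side secret. Generated here so the script runs stand-alone;
// a real deployment would load a persistent key from configuration.
$key = random_bytes(32);

// Cookie value format: "<chatid>.<hex HMAC-SHA256 of chatid>".
function hcl_sign_chatid(int $chatid, string $key): string
{
    return $chatid . '.' . hash_hmac('sha256', (string) $chatid, $key);
}

// Return the chatid only if the cookie carries a valid tag, otherwise null.
function hcl_verify_chatid_cookie($cookie, string $key): ?int
{
    if (!is_string($cookie)) {
        return null; // e.g. hcl_chatid[]=... arrives as an array
    }
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null;
    }
    $expected = hash_hmac('sha256', $parts[0], $key);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $parts[1]) ? (int) $parts[0] : null;
}

// Hardened form of the restore step: same condition as the quoted code,
// but an unsigned or tampered cookie never reaches the session.
function hcl_restore_chatid(array $cookies, array &$session, string $key): void
{
    if (isset($session['hcl_chatid']) || !isset($cookies['hcl_chatid'])) {
        return;
    }
    $chatid = hcl_verify_chatid_cookie($cookies['hcl_chatid'], $key);
    if ($chatid !== null) {
        $session['hcl_chatid'] = $chatid;
    }
}

// Constructed sample input: a cookie the server issued, and a bare guessed id.
$issued  = ['hcl_chatid' => hcl_sign_chatid(1042, $key)];
$guessed = ['hcl_chatid' => '1043'];

$s1 = []; hcl_restore_chatid($issued, $s1, $key);
$s2 = []; hcl_restore_chatid($guessed, $s2, $key);
var_dump($s1, $s2);
```

The tag only shows that the server issued the value; a cookie copied from another browser still verifies, so it is not a substitute for the session itself.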