Title: chatid hijacking
Post by: rsd on January 21, 2010, 01:52:48 PM
This seems to be a potential security issue, but I need to check further.
chatid is the id from the traffic table, which is created in $live->newvisitor().
However, $live->chatid() accepts it from a cookie if it is not in the session:

    if (isset($_COOKIE['hcl_chatid']) && !isset($_SESSION['hcl_chatid']))
        $_SESSION['hcl_chatid'] = $_COOKIE['hcl_chatid'];

So an attacker can try to guess a chatid from another user.
I am not sure yet to what extent this can be a problem, but I would like to hear from someone who knows better.
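
One way to keep a cookie-supplied chatid from being trusted blindly, as an added example that is not part of the original post or the project's code: the cookie carries the id plus an HMAC tag, and the session only adopts an id whose tag verifies. The function names, the cookie format and the key handling are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not the project's own functions.
const HCL_COOKIE = 'hcl_chatid';

/** Build the cookie value as "<chatid>.<hex HMAC-SHA256>". */
function hcl_sign_chatid(int $chatid, string $key): string
{
    return $chatid . '.' . hash_hmac('sha256', (string)$chatid, $key);
}

/** Return the chatid if the tag verifies, otherwise null. */
function hcl_verify_chatid(string $cookieValue, string $key): ?int
{
    $parts = explode('.', $cookieValue, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return null; // bare id, or not in the signed format
    }
    $expected = hash_hmac('sha256', $parts[0], $key);
    // hash_equals compares in constant time
    return hash_equals($expected, $parts[1]) ? (int)$parts[0] : null;
}

/** Replacement for the cookie-to-session copy quoted in the post. */
function hcl_restore_chatid(array $cookies, array &$session, string $key): bool
{
    if (isset($session[HCL_COOKIE])) {
        return true; // the session value always wins over the cookie
    }
    $raw = $cookies[HCL_COOKIE] ?? null;
    $chatid = is_string($raw) ? hcl_verify_chatid($raw, $key) : null;
    if ($chatid === null) {
        return false; // caller should register a new visitor instead
    }
    $session[HCL_COOKIE] = $chatid;
    return true;
}

// Constructed demo values. Assumption: a real install would load one
// fixed secret from its configuration instead of generating it here.
$key = random_bytes(32);
$session = [];
var_dump(hcl_restore_chatid([HCL_COOKIE => '1043'], $session, $key)); // bare guessed id
var_dump(hcl_restore_chatid([HCL_COOKIE => hcl_sign_chatid(1042, $key)], $session, $key));
var_dump($session);
```

The tag only proves the server issued the value; a copied cookie is still accepted, so the cookie should also be set with the Secure and HttpOnly flags.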