Overview: We provide voice chat solutions by providing pre-installed servers with an ASP application using ActiveX objects written in C.
## Deliverables
Objectives: We currently have 2 problems:
1- Compatibility Issue: The connection between the back-end (VoIP software on the server) and the client (chat user) uses a .CAB plugin which is compatible up to Windows XP only, and incompatible with any later system such as the Vista and Seven operating systems.
We have a solution, an executable file (.EXE) which fixes this problem, but it requires disabling the sound device before the .CAB file is installed on the client machine and then re-enabling it after the plugin is loaded.
So we need to put a process in the loading page. If Windows XP, then pass. Else, for Vista or Seven, redirect to another page which asks the user to download the .EXE file and install it, and at the same time disable the sound device before downloading the .CAB file and re-enable it after the process is done.
In other words, in our chat loading page called "[login to view URL]" we need to add code which checks if the OS is XP or Vista/Seven. If XP, continue loading the chat normally. Else, check whether the client has already installed the .EXE file or not. If installed, then disable the sound device and continue to load the chat; after the chat is loaded and the .CAB file is installed, re-enable the sound device. If the page detects that the client didn't install the .EXE file, then it asks the client to download the .EXE file and reload the page, re-checks, and repeats the previous process which disables and enables the sound device.
This is one way to fix this problem. The problem is that our chat doesn't support Vista/Seven, and the fix file needs to disable the sound device before the .CAB is installed and re-enable the sound device afterwards. If you have another idea to fix it, please go ahead and tell us.
NOTE: we don't have the source code for the .CAB file.
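The loading-page check described under problem 1, sketched as an added example that is not part of the original brief or the project's code. The step names, the `helperInstalled` flag and the sample User-Agent strings are assumptions constructed for illustration, and the `unsupported-os` branch goes beyond the cases the brief lists.

```javascript
// Windows NT version tokens as they appear in a browser User-Agent string.
// Only the three systems named in the brief are mapped.
const NT_VERSIONS = { '5.1': 'xp', '6.0': 'vista', '6.1': 'seven' };

// Classify the client OS from the User-Agent. The header is client-supplied,
// so the result is suitable for routing only, never for access control.
function detectWindows(userAgent) {
  const match = /Windows NT (\d+\.\d+)/.exec(String(userAgent || ''));
  if (!match) return 'unknown';
  return NT_VERSIONS[match[1]] || 'unknown';
}

// Return the ordered steps the loading page should take.
// helperInstalled (hypothetical): whether the .EXE fix is already present;
// how that is detected is not specified in the brief.
function planLoad(userAgent, helperInstalled) {
  const os = detectWindows(userAgent);
  if (os === 'xp') {
    return ['load-chat'];
  }
  if (os === 'vista' || os === 'seven') {
    if (!helperInstalled) {
      // Ask for the download, then run the whole check again after reload.
      return ['prompt-exe-download', 'reload-and-recheck'];
    }
    return ['disable-sound-device', 'load-chat-and-install-cab',
            'enable-sound-device'];
  }
  // Anything else (missing header, non-Windows, later Windows versions).
  return ['unsupported-os'];
}

// Constructed sample User-Agent strings.
const SAMPLE_XP = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)';
const SAMPLE_SEVEN = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)';

console.log(planLoad(SAMPLE_XP, false));
console.log(planLoad(SAMPLE_SEVEN, false));
console.log(planLoad(SAMPLE_SEVEN, true));
```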
2- The XSS Bug: Some code is used to give a guest user unauthorized access as Admin and the ability to kick all users out of the chat rooms. If you want to try the bug, you can follow these steps.
The guest runs VBScripts which give them admin authority while they are only a guest.
They can run them through a browser called "SlimBrowser".
You can get it from the following link:
[login to view URL]
After you install it, you can check the problem.
Go to the following link (it is one of our chat rooms):
[login to view URL]
Type any nickname (example: nickname = abcd), then press the button.
Wait for loading; after loading, it will show a table containing room names. Choose any room.
Now you are in the chat.
Then go to View menu >> Explorer Bar >> Script Pad.
Type one of the following codes: see [login to view URL] attached file
Then press "run script".
It is one of the small icons in the left pane.
After it runs you will get the same authority as admins.
I want to disable those commands.
Note: we have already disabled the admin features.
We have two solutions:
A) A forced-install plugin to detect if the user is using Slim Browser (or any browser other than Internet Explorer); if so, redirect to another page called "BAN" or ask the user to use IE. In short, we need to run our chat on Internet Explorer only: native Internet Explorer and nothing else.
We must use a plugin because JavaScript that gets the user agent information reads Slim Browser as IE, so we must have a plugin to detect only native IE.
B) Debug the code: We will give you the source code and the way the hacker uses the bugs, and you try it and clean up the code.
If you have any other idea, you are free to solve it your way.