123 Flash Chat Remote Code Injection Weakness

info
discussion
exploit
solution
references

123 Flash Chat Remote Code Injection Weakness

The following string may be supplied as a username to gain administrative privileges:

x;user.name= a;user.name=ADMIN_AVATAR_NAME;

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com