CVE-2004-1802 Information

Description

Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using 00 before the nickname which causes the IP address to be displayed as $IP$ on the administration web page.

Reference

http://aluigi.altervista.org/adv/chatany-ghost-adv.txt http://marc.info/?l=bugtraq&m=107885946220895&w=2 http://www.lionmax.com/chatanywhere.htm http://www.securityfocus.com/bid/9823 https://exchange.xforce.ibmcloud.com/vulnerabilities/15416