header-logo
Suggest Exploit
vendor:
phponlinechat
by:
N0 Feel
4,3
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: phponlinechat
Affected Version From: 3.0
Affected Version To: 3.0
Patch Exists: NO
Related CWE: N/A
CPE: a:phponlinechat:phponlinechat:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2014

phponlinechat xss

php online chat suffer from xss in user panel. To exploit this vulnerability, a user must register as a user and inject a malicious JavaScript code into the message field on the http://path/phpchat/canned_opr.php page.

Mitigation:

Input validation and output encoding should be used to prevent XSS attacks.
Source

Exploit-DB raw data:

# Exploit Title: [phponlinechat xss ]
# Date: [5/9/2014]
# Exploit Author: [N0 Feel]
# Vendor Homepage: [http://phponlinechat.com/phpchat]
# Software Link: [http://phponlinechat.com/chat-free-download.php]
# Version: [3.0]
# Tested on: [win7]

php online chat suffer from xss in user panel

- register as user
- go to : http://path/phpchat/canned_opr.php
- inject javascript evil code into messae filed

demo  :
http://phponlinechat.com/phpchat/canned_opr.php

have fun :)

Navigation

Suggest Exploit

Services By CQR