header-logo
Suggest Exploit
vendor:
Wchat
by:
Borna nematzadeh (L0RD)
7.5
CVSS
HIGH
Persistent cross site scripting
79
CWE
Product Name: Wchat
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: NO
Related CWE: N/A
CPE: a:codecanyon:wchat
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows
2018

Wchat – Fully Responsive PHP AJAX Chat Script 1.5 – Persistent cross site scripting

Wchat is vulnerable to persistent cross site scripting. An attacker can inject malicious JavaScript code into the textarea of the 'Edit profile' page. The malicious code will be executed when someone visits the profile page.

Mitigation:

Input validation should be used to prevent malicious code from being injected.
Source

Exploit-DB raw data:

# Exploit Title: Wchat - Fully Responsive PHP AJAX Chat Script  1.5 - Persistent cross site scripting
# Date: 2018-05-21
# Exploit Author: Borna nematzadeh (L0RD)
# Vendor Homepage: https://codecanyon.net/item/wchat-fully-responsive-phpajax-chat/18047319?s_rank=1327
# Version: 1.5
# Tested on: Windows

# POC :
1) Create your account and navigate to "Edit profile"
2) Put this payload into textarea :
</textarea><script>console.log(document.cookie)</script>
3) The payload will be executed if someone opens your profile .

Navigation

Suggest Exploit

Services By CQR