WebSocket Live Chat – Cross-Site Scripting

• Exploit Database
• 14 阅读

• 作者： Alireza Norkazemi
  日期： 2018-05-22
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/44686/

• # Exploit Title: WebSocket Live Chat - Cross-Site Scripting
  # Date: 2018-05-22
  # Exploit Author: Alireza Norkazemi
  # Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?s_rank=1
   
  # POC :
  1) Create your account and click setting icon and go to profile
  2) Put this payload into Status box :
  <script>alert('xss')</script>
  3) The payload will be executed if someone opens your profile