PhpOnlineChat 3.0 – Cross-Site Scripting

  • Author: N0 Feel
    Date: 2014-09-07
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/34555/
  • # Exploit Title: [phponlinechat xss ]
    # Date: [5/9/2014]
    # Exploit Author: [N0 Feel]
    # Vendor Homepage: [http://phponlinechat.com/phpchat]
    # Software Link: [http://phponlinechat.com/chat-free-download.php]
    # Version: [3.0]
    # Tested on: [win7]
    
    PHP Online Chat suffers from XSS in the user panel
    
    - register as a user
    - go to: http://path/phpchat/canned_opr.php
    - inject evil JavaScript code into the message field
    
    demo:
    http://phponlinechat.com/phpchat/canned_opr.php
    
    have fun :)
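
A defensive illustration of the issue described above, added here and not part of the original advisory or of PhpOnlineChat's code: a stored canned message echoed into HTML without encoding, beside the same output encoded with `htmlspecialchars`, plus a small regression check. The function names, the `<li>` markup and the sample inputs are assumptions constructed for the example.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: PhpOnlineChat's real code is not shown in the advisory.

// Unsafe pattern: the stored message is concatenated into HTML as-is, so any
// markup saved through the message field is parsed by the viewer's browser.
function render_canned_unsafe(string $message): string
{
    return '<li class="canned" title="' . $message . '">' . $message . '</li>';
}

// Hardened pattern: encode at output time for the HTML context.
// ENT_QUOTES encodes both quote styles (needed inside attribute values);
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function render_canned_safe(string $message): string
{
    $safe = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<li class="canned" title="' . $safe . '">' . $safe . '</li>';
}

// Regression check: the template itself contributes exactly two '<' and four
// '"'. Any extra one means message content reached the page as live markup.
function output_is_inert(string $html): bool
{
    return substr_count($html, '<') === 2 && substr_count($html, '"') === 4;
}

// Constructed sample inputs (not taken from the advisory).
$samples = [
    'Hello, how can I help you today?',
    '<script>alert(1)</script>',
    '" onmouseover="alert(1)',
];

// One row per sample: unsafe renderer result, safe renderer result, input.
foreach ($samples as $s) {
    printf(
        "unsafe=%-4s safe=%-4s %s\n",
        output_is_inert(render_canned_unsafe($s)) ? 'ok' : 'LIVE',
        output_is_inert(render_canned_safe($s)) ? 'ok' : 'LIVE',
        $s
    );
}
```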