PhpOnlineChat 3.0 - Cross-Site Scripting

EDB-ID:

34555


Author:

N0 Feel

Type:

webapps


Platform:

PHP

Date:

2014-09-07


# Exploit Title: [phponlinechat xss ]
# Date: [5/9/2014]
# Exploit Author: [N0 Feel]
# Vendor Homepage: [http://phponlinechat.com/phpchat]
# Software Link: [http://phponlinechat.com/chat-free-download.php]
# Version: [3.0]
# Tested on: [win7]

php online chat suffer from xss in user panel

- register as user
- go to : http://path/phpchat/canned_opr.php
- inject javascript evil code into messae filed

demo  :
http://phponlinechat.com/phpchat/canned_opr.php

have fun :)