10 lines
No EOL
424 B
Text
10 lines
No EOL
424 B
Text
# Exploit Title: WebSocket Live Chat - Cross-Site Scripting
|
|
# Date: 2018-05-22
|
|
# Exploit Author: Alireza Norkazemi
|
|
# Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?s_rank=1
|
|
|
|
# POC :
|
|
1) Create your account and click setting icon and go to profile
|
|
2) Put this payload into Status box :
|
|
<script>alert('xss')</script>
|
|
3) The payload will be executed if someone opens your profile |