18 lines
No EOL
489 B
Text
18 lines
No EOL
489 B
Text
# Exploit Title: [phponlinechat xss ]
|
|
# Date: [5/9/2014]
|
|
# Exploit Author: [N0 Feel]
|
|
# Vendor Homepage: [http://phponlinechat.com/phpchat]
|
|
# Software Link: [http://phponlinechat.com/chat-free-download.php]
|
|
# Version: [3.0]
|
|
# Tested on: [win7]
|
|
|
|
php online chat suffer from xss in user panel
|
|
|
|
- register as user
|
|
- go to : http://path/phpchat/canned_opr.php
|
|
- inject javascript evil code into messae filed
|
|
|
|
demo :
|
|
http://phponlinechat.com/phpchat/canned_opr.php
|
|
|
|
have fun :) |