facebook facebook twitter rss

phponlinechat xss

Author: N0 Feel , Published: 15-09-2014
# Exploit Title: [phponlinechat xss ]
# Date: [5/9/2014]
# Exploit Author: [N0 Feel]
# Vendor Homepage: [http://phponlinechat.com/phpchat]
# Software Link: [http://phponlinechat.com/chat-free-download.php]
# Version: [3.0]
# Tested on: [win7]

php online chat suffer from xss in user panel

- register as user
- go to : http://path/phpchat/canned_opr.php
- inject javascript evil code into messae filed

demo :
http://phponlinechat.com/phpchat/canned_opr.php

have fun :)

Like us on Facebook :