Wchat PHP AJAX Chat Script 1.5 Persistent Cross-Site Scripting

2018.05.22
Credit: L0RD
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Wchat - Fully Responsive PHP AJAX Chat Script 1.5 - Persistent cross site scripting # Date: 2018-05-21 # Exploit Author: Borna nematzadeh (L0RD) # Vendor Homepage: https://codecanyon.net/item/wchat-fully-responsive-phpajax-chat/18047319?s_rank=1327 # Version: 1.5 # Tested on: Windows # POC : 1) Create your account and navigate to "Edit profile" 2) Put this payload into textarea : </textarea><script>console.log(document.cookie)</script> 3) The payload will be executed if someone opens your profile .


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top