PhpOnlineChat 3.0 – Cross-Site Scripting

• Exploit Database
• 111 阅读

• 作者： N0 Feel
  日期： 2014-09-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/34555/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

  # Exploit Title: [phponlinechat xss ] # Date: [5/9/2014] # Exploit Author: [N0 Feel] # Vendor Homepage: [http://phponlinechat.com/phpchat] # Software Link: [http://phponlinechat.com/chat-free-download.php] # Version: [3.0] # Tested on: [win7]   php online chat suffer from xss in user panel   - register as user - go to : http://path/phpchat/canned_opr.php - inject javascript evil code into messae filed   demo: http://phponlinechat.com/phpchat/canned_opr.php   have fun :)