# Exploit Title: [phponlinechat xss ]
# Date: [5/9/2014]
# Exploit Author: [N0 Feel]
# Vendor Homepage: [http://phponlinechat.com/phpchat]
# Software Link: [http://phponlinechat.com/chat-free-download.php]
# Version: [3.0]
# Tested on: [win7]
 
php online chat suffer from xss in user panel
 
- register as user
- go to : http://path/phpchat/canned_opr.php
- inject javascript evil code into messae filed
 
demo  :
http://phponlinechat.com/phpchat/canned_opr.php
 
have fun :)