
Simple Chat App - Cross-Site-Scripting-1

Description:

Simple Chat App 1.0 allows Cross-Site Scripting (XSS) via the 'name' parameter at "http://localhost/chat_project/register.php/". An attacker could exploit this issue to run arbitrary script code in an unsuspecting user's browser in the context of the affected site. This could allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Proof of Concept:

  • Go to http://localhost/chat_project/register.php
  • Fill out the form and register.
  • In the 'Name' field, enter this value: `test"><img src=x onerror=alert(1923)>`
  • Then press the 'Sign Up' button.
  • XSS will be triggered.

Screenshot 2024-05-15 044951

Screenshot 2024-05-15 045002
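
Mitigation example (added here, not Simple Chat App's own code): the `">` prefix of the PoC value suggests that `name` is written unencoded into a double-quoted HTML attribute, which is an assumption about the application. The function names below are hypothetical; the script renders the PoC value both ways and parses the result to show whether an element was injected.

```php
<?php
// Added example: hypothetical rendering code, not taken from Simple Chat App.
libxml_use_internal_errors(true); // keep HTML parser warnings quiet

// Vulnerable pattern (assumed): the value is concatenated into the attribute as-is.
function render_name_unsafe(string $name): string
{
    return '<input type="text" name="name" value="' . $name . '">';
}

// Hardened: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
function render_name_safe(string $name): string
{
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="name" value="' . $encoded . '">';
}

// True when the parsed markup contains an <img> element, i.e. the value
// left the attribute and was interpreted as markup.
function contains_injected_element(string $html): bool
{
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    return $doc->getElementsByTagName('img')->length > 0;
}

// PoC value from the page.
$payload = 'test"><img src=x onerror=alert(1923)>';

$renderers = ['unsafe' => 'render_name_unsafe', 'safe' => 'render_name_safe'];
foreach ($renderers as $label => $fn) {
    $html = $fn($payload);
    $injected = contains_injected_element($html) ? 'yes' : 'no';
    printf("%-6s %s\n       injected element parsed: %s\n", $label, $html, $injected);
}
```

The same encoding has to be applied at every place the name is written into HTML, not only on the registration form.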