- Exploit Title: Simple Chat App - Cross-Site-Scripting-1
- Date: 2024-12-05
- Exploit Author: Burak Sevben
- Vendor Homepage: https://code-projects.org/simple-chat-system-in-php-with-source-code/
- Software Link: https://download.code-projects.org/details/55a2b6be-cd54-4114-8d04-2ba66d0bc11a
- Version: 1.0
- Tested on: Kali Linux + PHP 8.2.12, Apache 2.4.58
- CVE: Reported, waiting for CVE number.
Simple Chat App 1.0 allows Cross-Site Scripting (XSS) via the 'name' parameter at "http://localhost/chat_project/register.php/". An attacker could exploit this issue to run arbitrary script code in an unsuspecting user's browser in the context of the affected site. This could allow an attacker to steal cookie-based authentication credentials and launch other attacks.
- Go to http://localhost/chat_project/register.php
- Fill out the form and register.
- In the 'Name' section, write this code:
test"><img src=x onerror=alert(1923)>
- Then press the 'Sign Up' button.
- XSS will be triggered.
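The root cause described above is user-supplied input from the 'name' field being written back into HTML without encoding. The following is an added illustration, not the Simple Chat App's own code: it assumes register.php echoes the submitted name into an HTML attribute (the function names `render_name_unsafe` and `render_name_safe` are hypothetical), and shows the vulnerable pattern next to the hardened one, using the advisory's payload as a regression input.

```php
<?php
// Added illustration (not code from the Simple Chat App project).
// Assumption: the value of the 'name' parameter is echoed back into an
// HTML attribute on register.php, which is the sink the advisory describes.

function render_name_unsafe(string $name): string
{
    // Vulnerable pattern: raw interpolation of user input into markup.
    // A double quote in $name closes the attribute and a tag can follow.
    return '<input type="text" name="name" value="' . $name . '">';
}

function render_name_safe(string $name): string
{
    // Hardened pattern: encode for an HTML attribute context.
    // ENT_QUOTES covers both ' and ", so the attribute cannot be broken out of;
    // the encoding must match the page's actual charset (UTF-8 assumed here).
    $escaped = htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="name" value="' . $escaped . '">';
}

// Payload quoted in the advisory, used here only as a regression input.
$payload = 'test"><img src=x onerror=alert(1923)>';

echo render_name_unsafe($payload), PHP_EOL;
echo render_name_safe($payload), PHP_EOL;

// Regression check: the hardened output must not contain an unencoded tag,
// and the double quote from the payload must have been entity-encoded.
$safe = render_name_safe($payload);
if (strpos($safe, '<img') !== false || strpos($safe, '&quot;') === false) {
    fwrite(STDERR, "escaping regression: payload still renders as markup\n");
    exit(1);
}
echo "escaping check passed", PHP_EOL;
```

Escaping has to happen at the point of output, for every place the stored name is rendered (the chat view as well as the registration form), since a stored name is displayed to other users later. Input-side filtering alone is not a substitute, and a Content-Security-Policy header is a useful second layer but not a fix.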