| 제목 | code-projects Chat System Using PHP 1.0 Stored Cross-Site Scripting (XSS) |
|---|
| 설명 | A Stored (Persistent) Cross-Site Scripting vulnerability was discovered in the real-time chat messaging functionality of Chat System Using PHP version 1.0, available at code-projects.org.
The attack operates across two files forming a complete injection-execution chain:
Injection — send_message.php: The msg parameter from $_POST is stored directly into the chat table without any sanitization, HTML encoding, or input validation:
$msg = $_POST['msg'];
mysqli_query($conn, "insert into `chat` (chatroomid, message, userid, chat_date) values ('$id', '$msg', '".$_SESSION['id']."', NOW())");
Execution — fetch_chat.php: When any user loads the chatroom, all stored messages are retrieved and rendered using bare echo statements — no htmlspecialchars(), htmlentities(), or output encoding of any kind:
echo $row['message']; // ← stored XSS payload executes here
echo $row['uname']; // ← username field also unescaped
Because the payload is persisted in the database, it executes in the browser of every user — including administrators — who opens the chatroom, for as long as the message record exists. A single injection creates a persistent, self-propagating attack surface.
An attacker with a valid session (any registered user) can:
Steal session cookies of all users and administrators via document.cookie.
Perform admin actions on behalf of compromised users (CSRF-via-XSS).
Redirect victims to phishing or malware distribution pages.
Create a self-propagating worm by injecting payloads that automatically send themselves as new messages.
Install persistent keyloggers to capture every keystroke of every chat user.
Deface the chat interface permanently until the database record is manually removed.
|
|---|
| 원천 | ⚠️ https://gist.github.com/higordiego/4683bee16b197643744159b76d0c1ea6 |
|---|
| 사용자 | c4ttr4ck (UID 75518) |
|---|
| 제출 | 2026. 04. 08. PM 11:20 (19 날 ago) |
|---|
| 모더레이션 | 2026. 04. 26. AM 10:26 (17 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 359665 [code-projects Chat System 1.0 Chat Interface /admin/send_message.php msg 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|