| 标题 | code-projects Chat System Using PHP 1.0 Stored Cross-Site Scripting (XSS) |
|---|
| 描述 | A Stored (Persistent) Cross-Site Scripting vulnerability was discovered in the real-time chat messaging functionality of Chat System Using PHP version 1.0, available at code-projects.org.
The attack operates across two files forming a complete injection-execution chain:
Injection — send_message.php: The msg parameter from $_POST is stored directly into the chat table without any sanitization, HTML encoding, or input validation:
$msg = $_POST['msg'];
mysqli_query($conn, "insert into `chat` (chatroomid, message, userid, chat_date) values ('$id', '$msg', '".$_SESSION['id']."', NOW())");
Execution — fetch_chat.php: When any user loads the chatroom, all stored messages are retrieved and rendered using bare echo statements — no htmlspecialchars(), htmlentities(), or output encoding of any kind:
echo $row['message']; // ← stored XSS payload executes here
echo $row['uname']; // ← username field also unescaped
Because the payload is persisted in the database, it executes in the browser of every user — including administrators — who opens the chatroom, for as long as the message record exists. A single injection creates a persistent, self-propagating attack surface.
An attacker with a valid session (any registered user) can:
Steal session cookies of all users and administrators via document.cookie.
Perform admin actions on behalf of compromised users (CSRF-via-XSS).
Redirect victims to phishing or malware distribution pages.
Create a self-propagating worm by injecting payloads that automatically send themselves as new messages.
Install persistent keyloggers to capture every keystroke of every chat user.
Deface the chat interface permanently until the database record is manually removed.
|
|---|
| 来源 | ⚠️ https://gist.github.com/higordiego/4683bee16b197643744159b76d0c1ea6 |
|---|
| 用户 | c4ttr4ck (UID 75518) |
|---|
| 提交 | 2026-04-08 23時20分 (19 日前) |
|---|
| 管理 | 2026-04-26 10時26分 (17 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 359665 [code-projects Chat System 1.0 Chat Interface /admin/send_message.php msg 跨网站脚本] |
|---|
| 积分 | 20 |
|---|