CVE-2014-5276
Pro Chat Rooms Text Chat Rooms 8.2.0 - Authenticated Cross-Site Scripting via Profile Picture Upload or Edit Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-5276. PoCs published by Mike Manzotti.
AI-analyzed exploit summary: This exploit demonstrates multiple vulnerabilities in Pro Chat Rooms v8.2.0, including Stored XSS, Reflected XSS, SQL Injection, and Arbitrary File Upload. It provides detailed steps and payloads to exploit these vulnerabilities, including a method to upload a PHP web shell via SQL injection.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.