ChatVia

Themesbrand ChatVia Vulnerabilites

Broken Object Level Authorization:

1. Capture any other user IDs through a user search request.

2. Capture image upload request. (below image)

3. Replace other user id with your id and send the request.

Malicious File Upload:

1. Capture profile image upload request and then chane the type and content to upload html file (containing javascript code).
2. Below image is the url of uploaded file.