An online chat room that lets users chat with each other.
The nickname input form doesn't sanitize user input before adding it to the database. This in turn can cause SQL query errors such as:
UPDATE cp_users SET lastaction=NOW() WHERE nick=''
You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'XSS')">'' at line 3
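The failing query above, rebuilt as an added example (not the chat application's own code) with the string-built form beside a parameterized one. It assumes an in-memory SQLite database in place of MySQL, so datetime('now') stands in for NOW(); the schema, function names and sample nicknames are constructed for illustration.

```python
import sqlite3

# Constructed schema: only the table and column names (cp_users, nick,
# lastaction) come from the query on the page; the rest is assumed.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cp_users (nick TEXT PRIMARY KEY, lastaction TEXT)")
    return db

def join_chat(db, nick):
    # Bound parameter on insert as well, so any nickname is stored verbatim.
    db.execute("INSERT INTO cp_users (nick, lastaction) VALUES (?, datetime('now'))", (nick,))

def touch_unsafe(db, nick):
    # Vulnerable pattern: the nickname is pasted into the SQL text, so a quote
    # in it ends the string literal early and the rest is parsed as SQL.
    sql = "UPDATE cp_users SET lastaction=datetime('now') WHERE nick='" + nick + "'"
    return db.execute(sql).rowcount

def touch_safe(db, nick):
    # Hardened pattern: the statement text is constant; the nickname travels
    # as a bound parameter and is never parsed as SQL.
    sql = "UPDATE cp_users SET lastaction=datetime('now') WHERE nick=?"
    return db.execute(sql, (nick,)).rowcount

def demo():
    db = make_db()
    results = {}
    for nick in ("alice", "O'Brien"):  # constructed sample nicknames
        join_chat(db, nick)
        try:
            results[nick] = ("unsafe", touch_unsafe(db, nick))
        except sqlite3.OperationalError as exc:
            # Same class of failure as the MySQL syntax error quoted above.
            results[nick] = ("unsafe-error", str(exc))
        results[nick] += ("safe", touch_safe(db, nick))
    return results

if __name__ == "__main__":
    for nick, outcome in demo().items():
        print(repr(nick), outcome)
```

A nickname containing an ordinary apostrophe is enough to break the string-built statement, while the parameterized statement updates exactly one row for either nickname.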
XSS Vuln by submitting malicious text in the chatbox: