[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

new XSS vulnerability in php-stats -tracking.php

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: new XSS vulnerability in php-stats -tracking.php
From: root@xxxxxxxxxxx
Date: 14 Sep 2007 11:07:57 -0000

I found a new xss in php-stats 0.1.9.2

http://phpstats.net/

http://www.example.com/php-stats-path/tracking.php?what=online&ip=[XSS]

Stats must have public access for this (difference from whois.php XSS).

Prev by Date: [ MDKSA-2007:183 ] - Updated qt3/qt4 packages fix vulnerability
Next by Date: [security bulletin] HPSBMA02258 SSRT071470 rev.1 - HP System Management Homepage (SMH) for Windows, Incomplete Update Installation
Previous by thread: [ MDKSA-2007:183 ] - Updated qt3/qt4 packages fix vulnerability
Next by thread: [security bulletin] HPSBMA02258 SSRT071470 rev.1 - HP System Management Homepage (SMH) for Windows, Incomplete Update Installation
Index(es):
- Date
- Thread