
cross site scripting in mystats.php

Open geeknik opened this issue 9 years ago • 1 comments

GET /~wizkid057/newstats/mystats.php?storecookie=on&u=1'%22()%26%25<acx><ScRiPt%20>prompt(133713)</ScRiPt> HTTP/1.1

This script does not properly filter metacharacters from user input, which could allow malicious users to inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable web application to fool a user in order to gather data from them.

geeknik, Jun 16 '15 18:06

No passwords or anything here. Nothing for an attacker to gain. Will fix anyway, but not a priority. Thanks.

wizkid057, Jun 16 '15 19:06
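
One way to handle the `u` parameter so that the request in the report renders as inert text, as an added example that is not part of the issue thread or the wizstats code base. The function names and the alphanumeric format assumed for `u` are hypothetical.

```php
<?php
// Added example, not wizstats code: how a page like mystats.php could handle
// the `u` parameter. Function names and the allow-list pattern are assumptions.

/** Encode a value for an HTML text node or a quoted attribute. */
function html_escape(string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only identifiers made of letters and digits (assumed format). */
function valid_user_id(string $value): bool
{
    return preg_match('/\A[A-Za-z0-9]{1,64}\z/', $value) === 1;
}

/** Build the fragment that echoes the requested user back into the page. */
function render_user_header(array $query): string
{
    $u = $query['u'] ?? '';
    if (!is_string($u) || !valid_user_id($u)) {
        // Rejected input is still encoded before it is reflected in the error.
        $shown = is_string($u) ? $u : '';
        return '<p class="error">Invalid user: ' . html_escape($shown) . '</p>';
    }
    // URL context and HTML context each get their own encoder.
    return '<h1>Stats for <a href="?u=' . rawurlencode($u) . '">'
         . html_escape($u) . '</a></h1>';
}

// Constructed input: the `u` value from the report, URL-decoded.
$reported = ['u' => '1\'"()&%<acx><ScRiPt >prompt(133713)</ScRiPt>'];
echo render_user_header($reported), "\n";

// Constructed input: a value that passes the assumed allow-list.
echo render_user_header(['u' => 'abc123']), "\n";
```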