RedLevel Advisory #017 - PsychoStats v3.0.6b Multiple Cross-Site Scripting Vulnerabilities

---

• From: john@xxxxxxxxxxxxxx
• Date: 19 May 2007 22:25:25 -0000

---

PsychoStats v3.0.6b Multiple Cross-Site Scripting Vulnerabilities

PsychoStats contains multiple cross-site scripting vulnerabilities that may be exploited through the URI.

Vulnerable Files: awards.php, login.php, register.php, weapons.php - other files may also be susceptible to this vulnerability.
Vulnerability: http://target.com/psychostats/weapons.php/>"><script>alert(1)</script>
Vulnerable: PsychoStats v3.0.6b (other versions may also be vulnerable)
Google d0rk: "Powered by PsychoStats v3.0.6b"

John Martinelli
john@xxxxxxxxxxxxxx

RedLevel Security
RedLevel.org

May 19th, 2007

---

• Prev by Date: Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets
• Next by Date: Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities
• Previous by thread: Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets
• Next by thread: Jetbox CMS version 2.1 Multiple Path Disclosure Vulnerabilities
• Index(es):
  • Date
  • Thread

---

Relevant Pages [Full-disclosure] Noahs Classifieds Multiple Cross-Site Scripting Vulnerabilities ... Noah's Classifieds Multiple Cross-Site Scripting ... Vulnerabilities ... #the identity robbery of the affected user or administrator ... (Full-Disclosure) RE: copied music cds have a skip in last 18 seconds ... If installing all missing Windows Updates doesn't fix your problem ... xiowan.......in tucson ... (microsoft.public.windows.mediacenter)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2007-05