new XSS vulnerability in php-stats -tracking.php

---

• From: root@xxxxxxxxxxx
• Date: 14 Sep 2007 11:07:57 -0000

---

I found a new xss in php-stats 0.1.9.2

http://phpstats.net/

http://www.example.com/php-stats-path/tracking.php?what=online&ip=[XSS]

Stats must have public access for this (difference from whois.php XSS).

---

• Prev by Date: [ MDKSA-2007:183 ] - Updated qt3/qt4 packages fix vulnerability
• Next by Date: [security bulletin] HPSBMA02258 SSRT071470 rev.1 - HP System Management Homepage (SMH) for Windows, Incomplete Update Installation
• Previous by thread: [ MDKSA-2007:183 ] - Updated qt3/qt4 packages fix vulnerability
• Next by thread: [security bulletin] HPSBMA02258 SSRT071470 rev.1 - HP System Management Homepage (SMH) for Windows, Incomplete Update Installation
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2007-09