Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2004 Noam RathausOPENVAS:136141256231016057
HistoryNov 03, 2005 - 12:00 a.m.

PsychoStats Login Parameter Cross-Site Scripting

2005-11-0300:00:00
Copyright (C) 2004 Noam Rathaus
plugins.openvas.org
13

6.8 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.2%

JSON

PsychoStats is a statistics generator for games. Currently there is support
for a handful of Half-Life

# SPDX-FileCopyrightText: 2004 Noam Rathaus
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# Cross Site Scripting In PsychoStats 2.2.4 Beta && Earlier
# "GulfTech Security" <[email protected]>
# 2004-12-23 02:50

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.16057");
  script_version("2023-12-13T05:05:23+0000");
  script_tag(name:"last_modification", value:"2023-12-13 05:05:23 +0000 (Wed, 13 Dec 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_cve_id("CVE-2004-1417");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/12089");
  script_name("PsychoStats Login Parameter Cross-Site Scripting");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2004 Noam Rathaus");
  script_family("Web application abuses");
  script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "gb_php_http_detect.nasl", "cross_site_scripting.nasl", "global_settings.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");

  script_tag(name:"solution", value:"Upgrade to the newest version of this software.");

  script_tag(name:"summary", value:"PsychoStats is a statistics generator for games. Currently there is support
  for a handful of Half-Life 'MODs' including Counter-Strike, Day of Defeat, and Natural Selection.

  There is a bug in this software which makes it vulnerable to HTML and JavaScript injection. An attacker
  may use this flaw to use the remote server to set up attacks against third-party users.");

  script_tag(name:"qod_type", value:"remote_vul");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");

port = http_get_port( default:80 );
if( ! http_can_host_php( port:port ) ) exit( 0 );

host = http_host_name( dont_add_port:TRUE );
if( http_get_has_generic_xss( port:port, host:host ) ) exit( 0 );

foreach dir( make_list_unique( "/", http_cgi_dirs( port:port ) ) ) {

  if( dir == "/" ) dir = "";
  url = dir + "/login.php?login=<script>foo</script>";

  if( http_vuln_check( port:port, url:url, check_header:TRUE, pattern:'"login" value="<script>foo</script>' ) ) {
    report = http_report_vuln_url( port:port, url:url );
    security_message( port:port, data:report );
    exit( 0 );
  }
}

exit( 99 );

Related

cve 1
exploitpack 1
cvelist 1
exploitdb 1
cve
cve
CVE-2004-1417
2004-12-31 05:00:00
exploitpack
exploitpack
PsychoStats 2.2.4 Beta - Cross Site Scripting
2014-12-22 00:00:00
cvelist
cvelist
CVE-2004-1417
2005-02-12 05:00:00
exploitdb
exploitdb
PsychoStats &lt; 2.2.4 Beta - Cross Site Scripting
2014-12-22 00:00:00

6.8 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.2%

JSON
Related for OPENVAS:136141256231016057
cve1exploitpack1cvelist1exploitdb1