PsychoStats v3.1 XSS

2008-12-28T00:00:00
ID SECURITYVULNS:DOC:21088
Type securityvulns
Reporter Securityvulns
Modified 2008-12-28T00:00:00

Description

PsychoStats v3.1 XSS

SOFTWARE:

PsychoStats v3.1

http://www.psychostats.com/

SEVERITY:

Normal

INFO:

PsychoStats is open source software that creates comprehensive gaming statistics for players and clans for Half-Life and Half-Life 2 based games. This includes games like Counter-Strike, Team Fortress 2, Day of Defeat and GunGame. Other games such as Call of Duty 4 and Soldat are also supported.

ATTACK:

/admin/login.php?ref="><script>alert(1771);</script>

MY FIX:

Open /admin/login.php and, below the line

$cms->theme->assign_request_vars($validfields, true);

add

$ref = htmlspecialchars($ref, ENT_QUOTES);
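As an added illustration (not PsychoStats code), the following PHP contrasts echoing the raw ref value into the login form with the advisory's htmlspecialchars fix. The hidden input element and the function names are assumed stand-ins for however login.php actually emits the value:

```php
<?php
// Added example, not part of PsychoStats or the advisory.
// Payload taken from the advisory's ATTACK line.
$ref = '"><script>alert(1771);</script>';

// Vulnerable pattern (assumed stand-in for the login form): the request value
// is placed inside a double-quoted attribute without encoding, so the leading
// '">' closes the attribute and the tag, and the rest is parsed as markup.
function render_vulnerable(string $ref): string {
    return '<input type="hidden" name="ref" value="' . $ref . '">';
}

// Hardened pattern, applying the advisory's fix: ENT_QUOTES encodes both
// double and single quotes (the pre-8.1 default, ENT_COMPAT, leaves single
// quotes alone), so the value stays inert whichever quoting style the
// template uses for the attribute.
function render_fixed(string $ref): string {
    $safe = htmlspecialchars($ref, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="ref" value="' . $safe . '">';
}

// Minimal regression check for the escaped value: no raw '<', '>', '"' or
// "'" may remain, since any of them can terminate the attribute context.
function ref_is_attribute_safe(string $escaped): bool {
    return preg_match('/[<>"\']/', $escaped) === 0;
}

echo render_vulnerable($ref), PHP_EOL;
echo render_fixed($ref), PHP_EOL;
var_dump(ref_is_attribute_safe(htmlspecialchars($ref, ENT_QUOTES, 'UTF-8')));
```

The same encoding must be applied at every place ref is written into HTML, not only the spot the advisory names; encoding once and then reusing the raw variable elsewhere in the template reintroduces the issue.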

This vulnerability was discovered by matrix_killer

e-mail: matrix_k at abv.bg