
HLstats v1.35 Cross-Site Scripting Vulnerability #3



RedLevel Advisory #020 - HLstats v1.35 Cross-Site Scripting Vulnerability #3








HLstats v1.35 - Cross-Site Scripting Vulnerability #3
discovered by John Martinelli (http://john-martinelli.com) of RedLevel Security (http://redlevel.org)

Google d0rk: "generated in real-time by HLstats" (http://www.google.com/search?q=%22generated+in+real-time+by+hlstats%22)



file hlstats.php - variable authusername - method post

<form action="http://www.target.com/hlstats/hlstats.php?mode=admin&act_sort=description&act_sortorder=asc&weap_sort=code&weap_sortorder=asc" method="post">

file hlstats.php - variable authpassword - method post

<form action="http://www.target.com/hlstats/hlstats.php?mode=admin&act_sort=description&act_sortorder=asc&weap_sort=code&weap_sortorder=asc" method="post">
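A regression check for the two POST variables named above, added here as an example; it is not part of the advisory or of HLstats. It classifies whether a submitted value comes back as live markup or as encoded data. The marker string, `classify_reflection`, and the `render_login` stand-in are assumptions, since the advisory does not show how hlstats.php writes these fields into the page; in practice `classify_reflection` would be run over a response captured from your own installation.

```python
from html import escape
from html.parser import HTMLParser

# Constructed, inert marker: no HTML element has this name and it runs nothing.
PROBE_TAG = "hlstatsprobe"
PROBE_VALUE = f'"><{PROBE_TAG}>'
FIELDS = ("authusername", "authpassword")  # POST variables named in the advisory


class ProbeFinder(HTMLParser):
    """Records whether the marker was parsed as an element or stayed data."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.as_element = False
        self.as_data = False

    def handle_starttag(self, tag, attrs):
        if tag == PROBE_TAG:
            self.as_element = True  # the value broke out and became markup
        if any(value and PROBE_TAG in value for _, value in attrs):
            self.as_data = True     # the value stayed inside its attribute

    def handle_data(self, data):
        if PROBE_TAG in data:
            self.as_data = True     # the value was rendered as plain text


def classify_reflection(body):
    """Return 'unencoded', 'encoded' or 'absent' for the marker in body."""
    finder = ProbeFinder()
    finder.feed(body)
    finder.close()
    if finder.as_element:
        return "unencoded"
    return "encoded" if finder.as_data else "absent"


def render_login(field, value, encode):
    """Constructed stand-in for a login form that echoes a submitted field."""
    shown = escape(value, quote=True) if encode else value
    return f'<form method="post"><input name="{field}" value="{shown}"></form>'


def audit(encode):
    """Classify the echo of each advisory field for one rendering mode."""
    return {f: classify_reflection(render_login(f, PROBE_VALUE, encode)) for f in FIELDS}


if __name__ == "__main__":
    print("raw echo:    ", audit(encode=False))
    print("encoded echo:", audit(encode=True))
```

A result of "unencoded" for either field means the value was written into the page without HTML encoding, which is the condition this advisory reports.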


