Hell - Spy . De » Sec http://www.hell-spy.de Anyone who has never made a mistake has never tried anything new. - Albert Einstein Mon, 22 Feb 2010 13:24:57 +0000 en hourly 1 http://wordpress.org/?v=3.0.1 PHP Web Stat XSS http://www.hell-spy.de/2009/05/php-web-stat-xss/ http://www.hell-spy.de/2009/05/php-web-stat-xss/#comments Sat, 16 May 2009 09:19:50 +0000 admin http://www.hell-spy.de/?p=51

The newest version of PHP Web Stat (3.6.28) is vulnerable to a Cross Site Scripting attack, allowing code injection by malicious users. You can find my Proof of Concept here.

]]> http://www.hell-spy.de/2009/05/php-web-stat-xss/feed/ 0 Lansuite / phgstats XSS http://www.hell-spy.de/2009/05/lansuite-xss/ http://www.hell-spy.de/2009/05/lansuite-xss/#comments Sun, 03 May 2009 19:32:32 +0000 admin http://www.hell-spy.de/?p=43

Looks like it’s blogging time. For unknown reasons (unknown my ass – boredom and lack of beer), I took a deeper look at Lansuite. The last version (v3.someting CVS) was full of XSS and SQL injection bugs but after reporting it they fixed many, but not all of them. There are still 3 XSS bugs. Well they don’t directly affect Lansuite but phgstats. You can find a few details about it here. Have fun.

]]> http://www.hell-spy.de/2009/05/lansuite-xss/feed/ 0