ezStats for Battlefield 3 – ‘/ezStats2/compare.php’ Multiple Cross-Site Scripting Vulnerabilities

Exploit Database
37 阅读

作者： L0n3ly-H34rT

日期： 2013-02-06
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38295/

source: https://www.securityfocus.com/bid/57759/info

ezStats for Battlefield 3 is prone to multiple cross-site scripting vulnerabilities and a local file include vulnerability. 

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run arbitrary files in the context of the web server process. 

ezStats for Battlefield 3 0.91 is vulnerable; other versions may also be affected.

http://www.example.com/ezStats2/compare.php?common=[XSS] 

http://www.example.com/ezStats2/compare.php?rankings=[XSS]

last Exploits
ezStats for Battlefield 3 – ‘/ezStats2/compare.php’ Multiple Cross-Site Scripting Vulnerabilities的更多信息

Simple Chat System 1.0 – ‘id’ SQL Injection：
Online Exam Test Application – ‘sort’ SQL Injection：
Gongwalker API Manager 1.1 – Cross-Site Request Forgery：
Responsive Realestate Script 3.2 – ‘property-list?tbud’ SQL Injection：
RICOH Aficio MP 301 Printer – Cross-Site Scripting：
Pluck CMS 4.7.13 – File Upload Remote Code Execution (Authenticated)：
Opencart 1.4.9.1 – Arbitrary File Upload：
Elber Wayber Analog/Digital Audio STL 4.00 – Device Config Disclosure：