Xtremescripts Topsites v1.1

Homepage:
http://www.xtremescripts.com/topsites.php

Description:

Xtreme Topsites is a popular PHP topsite script for websites, most commonly
used on anime websites at the moment. The topsite counts hits/clicks in and
hits out and ranks the listed sites by total hits, so the site with the most
hits is number 1.

Affected files:
stats.php
join.php
lostid.php

Exploit:
stats.php allows embedded objects, which in turn can cause an XSS.

example:

http://www.example.com/xtremets/stats.php?id=1

lostid.php input data isn't properly sanitized or filtered, which allows XSS.

example:

put in box: 

Input data on join.php isn't sanitized and can produce MySQL errors if users submit malicious data.

example:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'hi'','9cdfb439c7876e703e307864c9167a15','0','19052006','-')' at line 2
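
The following is an added illustration, not code from the Xtremescripts Topsites package: a hypothetical join handler showing the two defect classes described above (raw input reaching an INSERT, raw input echoed into HTML) next to the hardened form. Table name, column names and form fields are assumptions.

```php
<?php
// Added illustration, not the Xtremescripts Topsites source. Table/column names
// and the form fields are assumptions; only the two defect classes come from the
// advisory: raw input reaching an INSERT (join.php) and raw input echoed into
// HTML (stats.php, lostid.php).

// Vulnerable pattern: values are spliced into the SQL text. A single quote in
// $title closes the literal early, and MySQL rejects the statement with the
// kind of "You have an error in your SQL syntax" message quoted above.
function joinSiteVulnerable(PDO $db, string $title, string $url, string $password): void
{
    $sql = "INSERT INTO sites (title, url, pass, hits, joined, rank)
            VALUES ('$title', '$url', '" . md5($password) . "', '0', '" . date('dmY') . "', '-')";
    $db->exec($sql);   // with PDO::ERRMODE_EXCEPTION this throws; otherwise it fails silently
}

// Hardened pattern: a prepared statement keeps data out of the SQL grammar,
// the URL is validated before use, and the password is hashed with a salted,
// slow algorithm instead of bare md5().
function joinSiteHardened(PDO $db, string $title, string $url, string $password): bool
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;                      // reject rather than try to "clean" it
    }
    $stmt = $db->prepare(
        'INSERT INTO sites (title, url, pass, hits, joined, rank) VALUES (?, ?, ?, 0, ?, ?)'
    );
    return $stmt->execute([
        $title,
        $url,
        password_hash($password, PASSWORD_DEFAULT),
        date('dmY'),
        '-',
    ]);
}

// Output side: encode every user-controlled value at the point it is written
// into HTML, so stored or reflected markup renders as text instead of executing.
function renderSiteRow(string $title, string $url): string
{
    $h = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<tr><td>' . $h($title) . '</td><td><a href="' . $h($url) . '">' . $h($url) . '</a></td></tr>';
}
```

The hardened handler also turns the database error into a boolean result so that driver messages like the one quoted above are never shown to the visitor.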