Description - User-Agent XSS Vulnerability in raSMP
Cross-site scripting (XSS) vulnerability found in raSMP 2.0.0.
Vulnerable scripts:
- common.php
- common/functions.php
- admin/stats.php
The variable $_SERVER['HTTP_USER_AGENT'] is not properly sanitized. An HTTP request can be sent with a forged User-Agent value containing arbitrary HTML or script code; that code is stored with the visit record and executed in the administrator's browser when the administrator opens Site Statistics.
The administrator's authentication (session) is at risk.
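To show the defect pattern and its fix side by side, here is an added PHP example. It is not raSMP's code and does not reproduce its files; the function names (logVisit, renderStatsUnsafe, renderStatsSafe, e) and the sample visit records are assumptions constructed for illustration. The unsafe renderer prints the stored header verbatim, which is the behaviour the advisory describes; the fixed renderer escapes every untrusted value for the HTML context it is printed into.

```php
<?php
// Added example, not raSMP's code. Function names and sample data are assumptions.

// Constructed sample visit records, as a statistics table might hold them.
// The second entry stands in for a request whose User-Agent carried markup.
$visits = [
    ['ip' => '203.0.113.10', 'ua' => 'Mozilla/5.0 (X11; Linux x86_64)'],
    ['ip' => '203.0.113.11', 'ua' => '<script>alert(1)</script>'],
];

// Where the header is captured. The raw value is kept for logging, but it is
// untrusted input; a length cap limits log bloat, and escaping happens at output.
function logVisit(array &$visits, array $server): void {
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    $visits[] = [
        'ip' => $server['REMOTE_ADDR'] ?? '',
        'ua' => mb_substr($ua, 0, 512),
    ];
}

// Unsafe: the stored header is interpolated into HTML unescaped, so any tag
// or script in the User-Agent is rendered live in the administrator's page.
function renderStatsUnsafe(array $visits): string {
    $html = "<table>\n";
    foreach ($visits as $v) {
        $html .= "<tr><td>{$v['ip']}</td><td>{$v['ua']}</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Fixed: one escaping helper applied to every untrusted value at the point it
// is written into an HTML element body or attribute.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderStatsSafe(array $visits): string {
    $html = "<table>\n";
    foreach ($visits as $v) {
        $html .= '<tr><td>' . e($v['ip']) . '</td><td>' . e($v['ua']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Simulate one more captured request with a constructed $_SERVER-like array.
logVisit($visits, [
    'REMOTE_ADDR'     => '203.0.113.12',
    'HTTP_USER_AGENT' => 'curl/8.0 "<b>x</b>"',
]);

echo renderStatsUnsafe($visits); // markup in the UA column is emitted as-is
echo renderStatsSafe($visits);   // the same column is emitted as &lt;script&gt;... text
```

The fix belongs at the output site, not at capture time: the User-Agent is legitimately free-form, so stripping characters on input breaks logging and still misses other sinks, whereas escaping in renderStatsSafe covers every value that reaches the page regardless of where it came from. Applying e() consistently in admin/stats.php and wherever common.php or common/functions.php print request headers is the equivalent change in the affected scripts.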
Order Source Code Testing by eVuln
Protect a site or web application with a PHP code audit of your website or web application by Aliaksandr Hartsuyeu. The work will be done by specialists in web security.