Description - Clever Copy Referer and X-Forwarded-For XSS
Cross Site Scripting found in Clever Copy V3 script.
- Exploit: Available
- Solution: Not available - check vendor's website
Vulnerable script: stats/script.php
The variables $_SERVER['HTTP_REFERER'] and $_SERVER['HTTP_X_FORWARDED_FOR'] are not properly sanitized. An HTTP request can therefore be sent with forged Referer or X-Forwarded-For values that contain arbitrary HTML or script code. This code is executed when the administrator opens Site Stats.
The administrator's session is threatened.
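The fix class for this kind of bug is to treat both headers as untrusted input and to encode them when they are written into the stats page. The following is an added example, not Clever Copy's code: the function names, the table-row layout and the sample header values are assumptions made for illustration.

```php
<?php
// Added example: hypothetical stats logger/renderer, not Clever Copy's code.

// Normalise a header value before storing it: drop control chars, cap length.
function clean_header(?string $value, int $max = 255): string {
    $value = (string) $value;
    $value = preg_replace('/[\x00-\x1F\x7F]/', '', $value) ?? '';
    return substr($value, 0, $max);
}

// X-Forwarded-For is client-supplied; keep only entries that parse as IPs.
function clean_forwarded_for(?string $value): string {
    $ips = [];
    foreach (explode(',', (string) $value) as $part) {
        $ip = filter_var(trim($part), FILTER_VALIDATE_IP);
        if ($ip !== false) {
            $ips[] = $ip;
        }
    }
    return implode(', ', $ips);
}

// Encode at output time, for the HTML context the value is rendered in.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed layout: one table row per logged request on the admin stats page.
function render_stats_row(array $row): string {
    return '<tr><td>' . h($row['referer']) . '</td><td>'
         . h($row['forwarded_for']) . '</td></tr>';
}

// Constructed sample request headers that contain markup.
$server = [
    'HTTP_REFERER'         => 'http://example.test/"><b>markup</b>',
    'HTTP_X_FORWARDED_FOR' => '203.0.113.7, <i>not-an-ip</i>',
];

$row = [
    'referer'       => clean_header($server['HTTP_REFERER'] ?? null),
    'forwarded_for' => clean_forwarded_for($server['HTTP_X_FORWARDED_FOR'] ?? null),
];

// The markup in the Referer is rendered as inert text; the non-IP entry is dropped.
echo render_stats_row($row), PHP_EOL;
```

Output encoding in `h()` is the control that stops the stored script from running in the administrator's browser; the input cleaning only reduces what gets stored.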


