Vendor: Complete PHP Counter
By: Unknown
CVSS: 5.5 (MEDIUM)
CWE: 79 (Cross-Site Scripting)
Product Name: Complete PHP Counter
Affected Version From: All versions of Complete PHP Counter
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-Not-Provided
CPE: a:complete_php_counter:complete_php_counter
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Cross-Site Scripting Vulnerability in Complete PHP Counter

The Complete PHP Counter application is vulnerable to a cross-site scripting (XSS) attack because it does not properly sanitize user-supplied input. An attacker can exploit this by injecting arbitrary script code into the 'c' parameter of the 'list.php' page. When an unsuspecting user visits the affected page, the injected script code is executed in their browser, potentially allowing the attacker to steal their cookie-based authentication credentials or perform other malicious actions.

Mitigation:

To mitigate this vulnerability, sanitize and validate user-supplied input before using it in the application. This can be achieved by implementing proper input validation and output encoding. Web application firewalls (WAFs) can also help in preventing XSS attacks.
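
The two techniques named above, input validation and output encoding, sketched in PHP as an added example. This is not Complete PHP Counter's code: the page does not show list.php, so the single-quoted attribute context, the identifier format for 'c' and all function names are assumptions.

```php
<?php
// Added illustration; not Complete PHP Counter source. The single-quoted
// attribute context is an assumption based on the payload starting with '>.

// Vulnerable pattern: request value reflected verbatim into an attribute.
function render_unsafe(string $c): string
{
    return "<input type='hidden' name='c' value='" . $c . "'>";
}

// Output encoding for HTML text and quoted attribute values.
// ENT_QUOTES matters here: before PHP 8.1 the default flags (ENT_COMPAT)
// left single quotes unencoded, so a value could still close a '...' attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Input validation: allow-list for a counter identifier (assumed format).
// is_string() also rejects array input such as list.php?c[]=x.
function valid_counter_id($c): bool
{
    return is_string($c) && preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $c) === 1;
}

function render_safe($c): string
{
    if (!valid_counter_id($c)) {
        // Reject outright rather than trying to "clean" the value.
        return '<p>Invalid counter id.</p>';
    }
    // Encode even after validation, so a later change to the pattern
    // cannot reintroduce the injection.
    return "<input type='hidden' name='c' value='" . h($c) . "'>";
}

// Constructed sample inputs: the value from the report and a benign id.
// In a request handler the call would be render_safe($_GET['c'] ?? null).
$samples = ["'><script>alert(document.cookie);</script>", 'home-page_01'];
foreach ($samples as $c) {
    echo "unsafe:       ", render_unsafe($c), "\n";
    echo "safe:         ", render_safe($c), "\n";
    echo "encoded only: ", h($c), "\n\n";
}
```
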
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15112/info

Complete PHP Counter is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com/[php-counter]/list.php?c='><script>alert(document.cookie);</script>