——–summary
software: phpArcadeScript
vendors website: http://www.phparcadescript.com/
versions: <= 2.0
class: remote
status: unpatched
exploit: available
solution: not available
discovered by: retard and jim
risk level: medium
——– description
due to phpArcadeScript excessive use of global variables attackers
can very easily inject xss into various portions of the application
in ./includes/tellafriend.php:
21 22 if ($about == "game")
23 {
24 echo $gamename;
25 }
26
27 else
28 {
29 echo $site_title;
30 }
31 ?>
this poor coding is repetative throughought the application, possibly
having more vulnerabilities present in the coding.
——– exploit(s)
——– credit
author(s): retard and jim
email: [email protected]