PHP Counter 7.2 is susceptible to a cross site scripting flaw.
ec9bc45f5335ff03bbf960c7eb269e2336ee2411eddca3d5198516c68bbe1552
----------------------------------------------------------
---- Team priestmasters PHP Counter 7.2 XSS Advisorie ----
----------------------------------------------------------
PHP Counter Vendor:
http://www.ekstreme.com/phplabs/phpcounter.php
PHP Counter 7.2 does not filter "<>" tags in EpochPrefix
parameter. Cross site scripting and HTML injection is possible.
Exploitation:
http://www.yourwebsite.org/CounterDirectory/index.php?Plugin=All%20Hits&EpochPrefix="></a></div><script>a=/XSS/%0aalert(a.source)</script>
The injected script is called multiple times.
XSS is hard to do because ' and " are filtered.
greets,
priestmaster
URL: http://www.priestmaster.org
Email: priest@priestmaster.org