Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-4454. PoCs published by kefka.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in HLstats 1.34 by injecting a malicious script via the 'q' parameter in the search functionality. The PoC uses a URL-encoded script tag to trigger an alert, proving the lack of input sanitization.
Description
Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in HLstats 1.34 by injecting a malicious script via the 'q' parameter in the search functionality. The PoC uses a URL-encoded script tag to trigger an alert, proving the lack of input sanitization.