[41374] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Php Web Statistik Multiple Vulnerabilities

daemon@ATHENA.MIT.EDU (ascii)
Mon Nov 28 14:23:59 2005

Message-ID: <438B345C.6020403@katamail.com>
Date: Mon, 28 Nov 2005 17:46:20 +0100
From: ascii <ascii@katamail.com>
MIME-Version: 1.0
To: full-disclosure@lists.grok.org.uk, ml@sikurezza.org,
        bugtraq@securityfocus.com, news@securiteam.com,
        bugs@securitytracker.com, vuln@secunia.com
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

PHP Web Statistik Multiple Vulnerabilities

  Name              Multiple Vulnerabilities in PHP Web Statistik
  Systems Affected  PHP Web Statistik (verified on 1.4)
  Severity          Medium Risk
  Vendor            www.php-web-statistik.de
  Advisory          http://www.ush.it/2005/11/19/php-web-statistik/
  Author            Francesco aScii Ongaro (ascii at katamail . com)
  Date              20051119

PHP Web Statistik is vulnerable to javascript and HTML injection using
the unchecked $lastnumber variable, proper input validation will fix.
Just place an intval() at the right row. Other vulnerabilities has been
discovered later.

Advisory released on 20051119:
Php Web Statistik Multiple Vulnerabilities
http://www.ush.it/2005/11/19/php-web-statistik/


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[41374] in bugtraq

Php Web Statistik Multiple Vulnerabilities

daemon@ATHENA.MIT.EDU (ascii)Mon Nov 28 14:23:59 2005

daemon@ATHENA.MIT.EDU (ascii)
Mon Nov 28 14:23:59 2005