Computer Security
[EN] securityvulns.ru

From: kefka <kefka_(at)_kevinbeardsucks.com>
Date: 19.05.2007
Subject: [Full-disclosure] PsychoStats 3.0.6b and prior

newtheme variable only expects "sane" behavior; no argument, or an
argument with any special character, etc., will cause it to error and
display the full path to $pathtohlstats/includes/smarty/Smarty.class.php

$pathtohlstats/server.php?newcss=styles.css&newtheme=%00

Ex: Warning: Smarty error: unable to read resource: "server.html" in
$pathtohlstats/includes/smarty/Smarty.class.php on line 1088


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
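
A detection check for the request pattern described in this post, as an added example that is not part of the original message or of PsychoStats: it flags requests to server.php whose newtheme value is empty or contains anything outside an assumed safe character set. The log lines, the /stats/ path, the theme name "default" and the allowed-character set are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate theme names are plain directory names.
SANE_THEME = re.compile(r"[A-Za-z0-9_-]+")
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/May/2007:10:00:01 +0000] "GET /stats/server.php?newcss=styles.css&newtheme=default HTTP/1.1" 200 5120',
    '198.51.100.7 - - [19/May/2007:10:00:05 +0000] "GET /stats/server.php?newcss=styles.css&newtheme=%00 HTTP/1.1" 200 312',
    '198.51.100.7 - - [19/May/2007:10:00:09 +0000] "GET /stats/server.php?newtheme= HTTP/1.1" 200 312',
    '192.0.2.10 - - [19/May/2007:10:00:12 +0000] "GET /stats/index.php HTTP/1.1" 200 8000',
]

def suspicious_newtheme(target):
    """Return a reason string if the request target looks like the probe, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/server.php"):
        return None
    # keep_blank_values so "newtheme=" and a bare "newtheme" are still seen.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name != "newtheme":
            continue
        if value == "":
            return "empty newtheme"
        if not SANE_THEME.fullmatch(value):
            return "newtheme contains special characters: %r" % value
    return None

def scan(lines):
    """Return (line_number, reason) for every log line that matches."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        reason = suspicious_newtheme(m.group(1)) if m else None
        if reason:
            hits.append((n, reason))
    return hits

if __name__ == "__main__":
    for n, reason in scan(SAMPLE_LOG):
        print("line %d: %s" % (n, reason))
```

The same allowlist applied server-side before the value reaches the template loader, together with PHP's display_errors turned off, keeps the filesystem path out of the response.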
