PHP Counter is susceptible to cross site scripting and SQL injection vulnerabilities. Exploitation details provided.
fe6f83fddf807501ff863ae0df830e71a2e3dffac6cbb41176b5e850d230df7e
------------------------------------------------------
Nightmare TeAmZ Advisory 001
------------------------------------------------------
Date - 10/2005
Complete PHP Counter Multiple Vulnerability
AFFECTED PRODUCTS
=================
Complete PHP Counter
http://www.dotcombuilder.com
OVERVIEW
========
The counter website allows visitors to search for the top visited websites
participating in the counter program. | | Websites can list their sites for
free and in return they will receive a counter for their website. After a
website has registered, he/she is able to select the category that best
describes their website, add a description and copy and paste the counter
code for their website. Statistics are provided for each website.
DETAILS
=======
1. XSS
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into
a vulnerable application to fool a user in order to gather data from them.
2. Sql Injection
An unauthenticated attacker may execute arbitrary SQL statements on the
vulnerable system. This may compromise the integrity of your database and
expose sensitive information
POC
===
1.
------
Xss At This Url
http://www.[host].com/[php-counter]/list.php?c='><script>alert(document.cookie);</script>
2.
------
Sql Injection At This Url:
http://www.[host].com/[php-counter]/list.php?c='&s='
SOLUTION:
=========
vendor contacted:
Venditor Non Response...
Credits
=======
This vulnerability was discovered and researched by
BiPi_HaCk of Nightmare TeAmZ
Site: http://www.NightmareTeAmZ.altervista.org
_________________________________________________________________
Personalizza MSN Messenger con sfondi e fotografie!
http://www.ilovemessenger.msn.it/