------------------------------------------------------
Nightmare TeAmZ Advisory 001
------------------------------------------------------

Date - 10/2005

Complete PHP Counter Multiple Vulnerability

AFFECTED PRODUCTS
=================

Complete PHP Counter
http://www.dotcombuilder.com

OVERVIEW
========

The counter website allows visitors to search for the top visited websites participating in the counter program. Websites can list their sites for free and in return they receive a counter for their website. After a website has registered, its owner is able to select the category that best describes the website, add a description, and copy and paste the counter code into the website. Statistics are provided for each website.

DETAILS
=======

1. XSS

Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into the vulnerable application to fool a user in order to gather data from them.

2. SQL Injection

An unauthenticated attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of the database and expose sensitive information.

POC
===

1. XSS at this URL:

http://www.[host].com/[php-counter]/list.php?c='>

2. SQL Injection at this URL:

http://www.[host].com/[php-counter]/list.php?c='&s='

SOLUTION
========

Vendor contacted: the vendor did not respond.

Credits
=======

This vulnerability was discovered and researched by BiPi_HaCk of Nightmare TeAmZ
Site: http://www.NightmareTeAmZ.altervista.org
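The advisory gives no fix, and both PoC URLs hit the same two query parameters (`c` and `s`) of list.php, once reflected into the page and once passed into a database query. The following is an added example, not Complete PHP Counter's own code, of how a handler taking those two parameters is written so that a quote character in either one is treated as data: bound parameters for the query and HTML encoding for anything echoed back. The table name `sites`, its columns, and the PDO connection details are assumptions for the example.

```php
<?php
// Added example (not the vendor's code): a hardened list.php-style handler.
// Assumed schema: table `sites` with columns id, name, description, category, hits.
// `c` (category) and `s` (search) are the parameter names from the advisory's PoC URLs.

declare(strict_types=1);

// Build the listing query with bound parameters so quote characters in
// `c` or `s` can only ever be compared as values, never parsed as SQL.
function list_sites(PDO $db, string $category, string $search): array
{
    $sql    = 'SELECT id, name, description, hits FROM sites WHERE 1 = 1';
    $params = [];

    if ($category !== '') {
        $sql .= ' AND category = :category';
        $params[':category'] = $category;
    }
    if ($search !== '') {
        // Escape the LIKE wildcards `%` and `_` (and the escape char itself)
        // so a search term matches literally instead of acting as a pattern.
        $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $search);
        $sql .= " AND name LIKE :search ESCAPE '!'";
        $params[':search'] = '%' . $escaped . '%';
    }
    $sql .= ' ORDER BY hits DESC LIMIT 50';

    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// HTML-encode a value before it is echoed into the page, so a reflected
// parameter such as `'>` or `<script>` is rendered as text, not markup.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Accept only plain strings; `?c[]=x` would otherwise hand an array to the
// query layer and produce an error page that leaks implementation detail.
$category = isset($_GET['c']) && is_string($_GET['c']) ? $_GET['c'] : '';
$search   = isset($_GET['s']) && is_string($_GET['s']) ? $_GET['s'] : '';

// Connection details are placeholders; disable emulated prepares so the
// database server itself separates the statement from its parameters.
$db = new PDO('mysql:host=localhost;dbname=counter;charset=utf8mb4', 'db_user', 'db_password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

header('Content-Type: text/html; charset=UTF-8');
echo '<p>Category: ' . h($category) . ' / Search: ' . h($search) . "</p>\n";
echo "<ul>\n";
foreach (list_sites($db, $category, $search) as $row) {
    echo '<li>' . h($row['name']) . ' (' . (int) $row['hits'] . ' hits) - '
        . h($row['description']) . "</li>\n";
}
echo "</ul>\n";
```

The two defences are independent: the prepared statement stops the `s='` case from altering the query even if the category filter is later removed, and `h()` stops the `c='>` case from breaking out of the page even if the value never reaches the database. Encoding is applied at the point of output, not on input, so the stored value stays intact for non-HTML uses such as the per-site statistics page.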