Uninets StatsPlus 1.25 script injection vulnerabilities
discovered by BrainRawt (brainrawt@hotmail.com)

About StatsPlus:
-------------------
StatsPlus provides a convenient way to get in-depth statistics about
visitors to your site. Statistics produced by StatsPlus are similar to
those from a server log, only they are placed neatly into an HTML table
for you to view.

StatsPlus can be downloaded at http://www.uninetsolutions.com/stats.html

It doesn't appear as if StatsPlus has been modified since 1998.

Vulnerable (tested) Versions:
--------------------
StatsPlus 1.25 Windows
StatsPlus 1.25 Unix

Vendor Contact:
--------------------
7-20-02 - An email was sent to support@uninetsolutions.com discussing
the issue at hand.

7-20-02 - Received an automated response stating that my email had been
accepted.

Vulnerability:
--------------------
stat.pl neglects to filter any input to the script from visitors to the
monitored webpages. stat.pl then writes the visitor's information to an
HTML document called stat.html.

If a visitor were to modify their HTTP_USER_AGENT or their HTTP_REFERER
and add some scripting to either one, that scripting would be executed by
whoever visited the stat.html document.

Fix:
-------
No fix has been offered by the vendor as of the writing of this advisory.
Proper filtering of input would not be hard to implement, if one doesn't
mind rewriting parts of the code.

----------------------------------------------------------------------------------
Run this binary. Where is the source? Don't worry, it's ok.
HEY! WHERE DID / GO?
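
The filtering mentioned under "Fix" can be done by HTML-encoding the two request headers at the point where they are written into the page. The sketch below is an added example, not code from StatsPlus or from the advisory's author; the helper names, length limits and table-row layout are assumptions, and the sample request values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Encode the characters that can change HTML context.
# '&' is replaced first so the entities added afterwards are not re-encoded.
sub html_escape {
    my ($s) = @_;
    $s = '' unless defined $s;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Hypothetical helper: normalise and bound a header value, then encode it.
# Truncation happens before encoding so an entity is never cut in half.
sub clean_field {
    my ($value, $max) = @_;
    $value = '' unless defined $value;
    $value =~ s/[\x00-\x1f\x7f]+/ /g;    # collapse control characters, incl. CR/LF
    $value = substr($value, 0, $max) if length($value) > $max;
    return html_escape($value);
}

# Build one row for the statistics page (row layout is assumed).
sub stat_row {
    my ($env) = @_;
    my $agent   = clean_field($env->{HTTP_USER_AGENT}, 256);
    my $referer = clean_field($env->{HTTP_REFERER},    512);
    return "<tr><td>$agent</td><td>$referer</td></tr>\n";
}

# Constructed sample request environment, not taken from a real log.
my %sample = (
    HTTP_USER_AGENT => 'Mozilla/4.0 <script>alert(1)</script>',
    HTTP_REFERER    => 'http://example.com/?q="><b>x</b>',
);

# In a CGI script the call would be stat_row(\%ENV).
print stat_row(\%sample);
```

Encoding at output time covers values rendered as table text. If the statistics page also turns the referer into a link, the href additionally needs a check that the URL scheme is http or https.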