HLStats HLStats.PHP Multiple Input Validation Vulnerabilities

Bugtraq ID:	21740
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 26 2006 12:00AM
Updated:	Jan 02 2007 07:26PM
Credit:	Michael Brooks is credited with the discovery of these vulnerabilities.
Vulnerable:	HLstats HLstats 1.34 HLstats HLstats 1.20
Not Vulnerable:

HLStats HLStats.PHP Multiple Input Validation Vulnerabilities

HLstats is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to compromise the application, access or modify sensitive data, or exploit latent vulnerabilities in the underlying database implementation.

HLstats versions 1.20 to 1.34 are vulnerable.

HLStats HLStats.PHP Multiple Input Validation Vulnerabilities

An attacker can exploit these issues via a web client.

The following example exploit is available:

• /data/vulnerabilities/exploits/21740.php

HLStats HLStats.PHP Multiple Input Validation Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

HLStats HLStats.PHP Multiple Input Validation Vulnerabilities

References:

• HLstats Home Page (HLstats)
  
• HLStats Remote SQL Injection Exploit (Michael Brooks)