Bugtraq mailing list archives

Uninets StatsPlus 1.25 script injection vulnerabilities


From: "BrainRawt ." <brainrawt () hotmail com>
Date: Thu, 25 Jul 2002 00:10:23 +0000



Uninets StatsPlus 1.25 script injection vulnerabilities discovered
by BrainRawt (brainrawt () hotmail com)

About StatsPlus:
-------------------
StatsPlus provides a convenient way to get in-depth statistics about
visitors to your site. The statistics produced by StatsPlus are similar
to those from a server log, only they are placed neatly into an HTML
table for you to view. StatsPlus can be downloaded at
http://www.uninetsolutions.com/stats.html

It does not appear that StatsPlus has been modified since 1998.

Vulnerable (tested) Versions:
--------------------
StatsPlus 1.25 Windows
StatsPlus 1.25 Unix

Vendor Contact:
--------------------
7-20-02 - An email was sent to support () uninetsolutions com discussing
          the issue at hand.

7-20-02 - Received an automated response stating that my email had been
          accepted.


Vulnerability:
--------------------
stat.pl does not filter or encode any of the input it receives from
visitors to the monitored web pages. It writes each visitor's details,
including the values of the HTTP_USER_AGENT and HTTP_REFERER headers,
verbatim into an HTML document called stat.html. A visitor who sets
their User-Agent or Referer header to a string containing script (or any
other HTML markup) therefore has that script stored in stat.html, where
it executes in the browser of whoever views the statistics page. This is
a stored (persistent) cross-site scripting flaw: the payload is supplied
once, by the visitor, and runs against every later viewer of stat.html.


Fix:
-------
 No fix has been offered by the vendor as of the writing of this advisory.

Proper filtering of input would not be hard to implement, if one does not
mind rewriting parts of the code: HTML-encode every visitor-supplied value
(at minimum the User-Agent and Referer strings) before it is written into
stat.html, so that characters such as <, >, & and " are emitted as text
rather than interpreted as markup. Until the script is patched, stat.html
should be treated as untrusted content.
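As an added illustration of the flaw and the fix (this is example code written for
this advisory, not StatsPlus's own stat.pl, which is Perl and is not reproduced here),
the Python sketch below mimics a CGI statistics logger: row_vulnerable() pastes the
visitor's header values straight into an HTML table row, as the advisory describes,
and row_hardened() HTML-encodes them first. The visitor records are constructed
sample data, and the hypothetical tags_in() helper parses the generated page to show
which tags a browser would actually see.

```python
import html
from html.parser import HTMLParser

# Constructed sample data: the CGI environment (REMOTE_ADDR, HTTP_USER_AGENT,
# HTTP_REFERER) as a script like stat.pl would see it for two visitors.
# The second visitor sends the kind of payload the advisory describes.
SAMPLE_VISITORS = [
    {"REMOTE_ADDR": "192.0.2.10",
     "HTTP_USER_AGENT": "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)",
     "HTTP_REFERER": "http://www.example.com/index.html"},
    {"REMOTE_ADDR": "192.0.2.11",
     "HTTP_USER_AGENT": "<script>alert(document.cookie)</script>",
     "HTTP_REFERER": "http://evil.example/\"><img src=x onerror=alert(1)>"},
]

FIELDS = ("REMOTE_ADDR", "HTTP_USER_AGENT", "HTTP_REFERER")


def row_vulnerable(env):
    """Mimics the flaw: visitor-controlled header values go into the
    HTML table exactly as received, so any markup in them is live."""
    cells = "".join(f"<td>{env.get(f, '')}</td>" for f in FIELDS)
    return f"<tr>{cells}</tr>\n"


def row_hardened(env):
    """The fix: HTML-encode every visitor-controlled value before it is
    written to the page. quote=True also encodes " and ' so a value can
    never break out of an attribute if the template ever changes."""
    cells = "".join(
        f"<td>{html.escape(env.get(f, ''), quote=True)}</td>" for f in FIELDS
    )
    return f"<tr>{cells}</tr>\n"


def render_stats(visitors, row_fn):
    """Build the stat.html-style table from a list of visitor environments.
    In a real CGI script each call would receive os.environ and append
    the row to the stats file."""
    header = "<tr><th>Address</th><th>User agent</th><th>Referer</th></tr>\n"
    return "<table>\n" + header + "".join(row_fn(v) for v in visitors) + "</table>\n"


class _TagCollector(HTMLParser):
    """Records every start tag the parser sees (hypothetical helper)."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(page):
    """Sorted set of tag names a browser would interpret in the page.
    The hardened page must contain only the table tags we emitted."""
    parser = _TagCollector()
    parser.feed(page)
    return sorted(set(parser.tags))


if __name__ == "__main__":
    print("vulnerable page tags:", tags_in(render_stats(SAMPLE_VISITORS, row_vulnerable)))
    print("hardened page tags:  ", tags_in(render_stats(SAMPLE_VISITORS, row_hardened)))
```

Run stand-alone, the vulnerable rendering reports script and img tags that originated in the
visitor's headers, while the hardened rendering reports only table, tr, th and td; the payload
is still visible in the statistics page, but as literal text.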

----------------------------------------------------------------------------------
Run this binary. Where is the source? Dont worry, its ok. HEY! WHERE DID / GO?


