W3Perl Web Statistics Header Manipulation Vulnerability
by Nikola Strahija on January 25th, 2002 Attackers can exploit W3Perl Web Statistics by crafting a HTTP header which contains malicious script code, resulting in a cross-site scripting attack. This issue may also be exploited to falsify log entries.
W3Perl is freely available, open-source web statistics software. W3Perl generates statistics for website usage based on log files and outputs them to HTML. Users can select various levels of detail. W3Perl will run on most Linux and Unix variants as well as Microsoft Windows NT/2000 operating systems.
W3Perl does not sufficiently sanitize the data it processes from log files. As a result, it may be possible for an attacker to inject maliciously constructed data which will end up being displayed on the website running W3Perl.
Attackers can exploit W3Perl Web Statistics by crafting a HTTP header which contains malicious script code, resulting in a cross-site scripting attack. This issue may also be exploited to falsify log entries.
HTTP header manipulation attacks against the web statistics software may allow the attacker to hijack sessions by stealing cookie-based authentication credentials from users.
EXPLOIT:
This issue may be exploited using a utility such as telnet to craft a raw HTTP header.