Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, related to a "cross-domain Referer leakage" issue.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SmarterTools SmarterStats web服务器Login.aspx跨域Referer泄露漏洞
Vulnerability Description
SmarterStats是一款可以通过网页浏览器访问帮助站长跟踪网站访问者的程序,并可以产生超过135份跟踪报告。 SmarterTools SmarterStats 6.0 web服务器中的Login.aspx支持在查询字符串中含有txtUser和txtPass参数的URL。攻击者可以通过读取(1)web-server访问日志,(2)web-server Referer日志,或(3)浏览器历史记录发现证书。
CVSS Information
N/A
Vulnerability Type
N/A