Please view the original advisory here.
The very popular download manager dl_stats suffers from various vulnerabilities.
#1 SQL Injection
#2 Cross-Site Scripting (XSS)
#3 Unprotected Admin Panel
The vendor seems to have rewritten the software: since version 2.0, dl_stats is no longer vulnerable to SQLi and XSS. But… 90 percent of the websites using dl_stats did NOT upgrade to the latest version. Therefore thousands of websites are still vulnerable.
These vulnerabilities may have a great impact since so many websites are using dl_stats. Nevertheless, I think that dl_stats is great software; it is the sort of download manager which is easy to install and use. Version 2.0 fixed the vulnerabilities (except the unprotected admin panel… Jesus, why do developers still do such things 😀 ), and therefore dl_stats is very suitable when it comes down to offering a simple download solution to your website visitors.
This advisory was released for educational purposes. I don’t want to motivate you to break in somewhere or cause any damage. Always respect your local laws! 🙂