Description
report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.
Exploits (1)
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26037
Various Sources x_refsource_misc
http://securityvulns.ru/Sdocument90.html
Various Sources x_refsource_misc
http://ha.ckers.org/blog/20070823/xss-and-possible-information-disclosure-in-urchin/
Various Sources x_refsource_misc
http://websecurity.com.ua/1283/
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482006/100/0/threaded
Scores
EPSS
0.0518
EPSS Percentile
89.9%
Details
CWE
CWE-287
Status
published
Products (1)
roi_revolution/urchin
< 5.7.03
Published
Sep 26, 2007
Tracked Since
Feb 18, 2026