AWStats 5.x/6.x – ‘Logfile’ Remote Command Execution

34次阅读
没有评论

AWStats 5.x/6.x – ‘Logfile’ Remote Command Execution

漏洞ID 1054905 漏洞类型
发布时间 2005-02-16 更新时间 2005-02-16
AWStats 5.x/6.x - 'Logfile' Remote Command ExecutionCVE编号 N/A
AWStats 5.x/6.x - 'Logfile' Remote Command ExecutionCNNVD-ID N/A
漏洞平台 CGI CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25108
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/12572/info

AWStats is reported prone to a remote arbitrary command-execution vulnerability. This issue occurs because the application fails to properly sanitize user-supplied data.

Specifically, the user-specified 'logfile' URI parameter is supplied to the Perl 'open()' routine. This issue is considered distinct from BID 10950 (AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability).

AWStats versions 5.4 to 6.1 are reported vulnerable to this issue. 

http://www.example.com/cgi-bin/awstats.pl?update=1&logfile=|/bin/ls|

相关推荐: Invision Board Overlapping IBF Formatting Tag HTML Injection Vulnerability

Invision Board Overlapping IBF Formatting Tag HTML Injection Vulnerability 漏洞ID 1099764 漏洞类型 Input Validation Error 发布时间 2003-08-0…

正文完
 0