AWStats 5.x/6.x – ‘Logfile’ Remote Command Execution

漏洞ID	1054905	漏洞类型
发布时间	2005-02-16	更新时间	2005-02-16
CVE编号	N/A	CNNVD-ID	N/A
漏洞平台	CGI	CVSS评分	N/A

|漏洞来源

https://www.exploit-db.com/exploits/25108

|漏洞详情

漏洞细节尚未披露

|漏洞EXP

source: http://www.securityfocus.com/bid/12572/info

AWStats is reported prone to a remote arbitrary command-execution vulnerability. This issue occurs because the application fails to properly sanitize user-supplied data.

Specifically, the user-specified 'logfile' URI parameter is supplied to the Perl 'open()' routine. This issue is considered distinct from BID 10950 (AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability).

AWStats versions 5.4 to 6.1 are reported vulnerable to this issue. 

http://www.example.com/cgi-bin/awstats.pl?update=1&logfile=|/bin/ls|

相关推荐: Invision Board Overlapping IBF Formatting Tag HTML Injection Vulnerability

Invision Board Overlapping IBF Formatting Tag HTML Injection Vulnerability 漏洞ID 1099764 漏洞类型 Input Validation Error 发布时间 2003-08-0…