[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] New awstats.pl vulnerability?

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] New awstats.pl vulnerability?
From: Lamar Spells <lamar.spells@xxxxxxxxx>
Date: Mon, 12 Dec 2011 19:30:26 -0500

For the past several days, I have been seeing thousands of requests
looking for awstats.pl like this one:

GET /awstats/awstats.pl ? configdir=|echo;echo YYYAAZ;uname;id;echo YYY;echo|

I am dropping these requests due to previous (and very old) issues
with awstats (see CVE-2006-3682).

But this leaves me wondering if there is a new vuln lurking here somewhere.

Anyone else seeing the same thing?

Regards,

Lamar Spells

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] New awstats.pl vulnerability?
  - From: Grandma Eubanks
- Re: [Full-disclosure] New awstats.pl vulnerability?
  - From: Bruce Ediger

Prev by Date: Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)
Next by Date: Re: [Full-disclosure] Fwd: VSFTPD Remote Heap Overrun (low severity)
Previous by thread: [Full-disclosure] [ MDVSA-2011:186 ] nfs-utils
Next by thread: Re: [Full-disclosure] New awstats.pl vulnerability?
Index(es):
- Date
- Thread