In-Reply-To: <eb743f98050217110164a4bcc8@xxxxxxxxxxxxxx> Hi. Please check http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf there're some code analysis for awstats. >Received: (qmail 27381 invoked from network); 17 Feb 2005 23:09:56 -0000 >Received: from outgoing.securityfocus.com (HELO outgoing3.securityfocus.com) (205.206.231.27) > by mail.securityfocus.com with SMTP; 17 Feb 2005 23:09:56 -0000 >Received: from lists2.securityfocus.com (lists2.securityfocus.com [205.206.231.20]) > by outgoing3.securityfocus.com (Postfix) with QMQP > id 8FF59236F8F; Thu, 17 Feb 2005 14:10:30 -0700 (MST) >Mailing-List: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm >Precedence: bulk >List-Id: <bugtraq.list-id.securityfocus.com> >List-Post: <mailto:bugtraq@xxxxxxxxxxxxxxxxx> >List-Help: <mailto:bugtraq-help@xxxxxxxxxxxxxxxxx> >List-Unsubscribe: <mailto:bugtraq-unsubscribe@xxxxxxxxxxxxxxxxx> >List-Subscribe: <mailto:bugtraq-subscribe@xxxxxxxxxxxxxxxxx> >Delivered-To: mailing list bugtraq@xxxxxxxxxxxxxxxxx >Delivered-To: moderator for bugtraq@xxxxxxxxxxxxxxxxx >Received: (qmail 3997 invoked from network); 17 Feb 2005 11:45:31 -0000 >DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; > s=beta; d=gmail.com; > h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; > b=nLCVZEk7LKjqoO+d2+fntjdStVXrCNZSVMNIK29CyEKVCJQ8dByUnvyXq3O0QoIddiOfBowLVRkJFm2CbLDG8igDnYmML2np8hgCiZfim+BvgyZIWH8/yCSNTvbAs/VR60cslwdHHbGG5qP1pDNMbvX3iPGJ7yGp/ZQ0x5pxQbM= >Message-ID: <eb743f98050217110164a4bcc8@xxxxxxxxxxxxxx> >Date: Thu, 17 Feb 2005 14:01:33 -0500 >From: Matt Wilder <grewaru@xxxxxxxxx> >Reply-To: Matt Wilder <grewaru@xxxxxxxxx> >To: bugtraq@xxxxxxxxxxxxxxxxx >Subject: Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3? >In-Reply-To: <20050216205200.GA19342@xxxxxxxxxxxxxxxxxxxx> >Mime-Version: 1.0 >Content-Type: text/plain; charset=US-ASCII >Content-Transfer-Encoding: 7bit >References: <20050214081040.3370.qmail@xxxxxxxxxxxxxxxxxxxxx> > <42121439.6020505@xxxxxxxxxxx> <42124CB7.4020909@xxxxxxxxxxx> > <421252E8.8070200@xxxxxxxxxxx> <42126BBB.90606@xxxxxxxxxxxx> > <42126DAD.7090704@xxxxxxxxxxx> > <20050216205200.GA19342@xxxxxxxxxxxxxxxxxxxx> > >Awstats version 5.6 is not succeptable to this as it does not have the >same plugin architecture. Could this be a >= 6.0 bug? > >Matt > > >On Wed, 16 Feb 2005 15:52:00 -0500, Micah Brandon <brandon@xxxxxx> wrote: >> >> >> I'm going to have to disagree. Execution of Perl functions >> is still possible in 6.3. You just have to jimmy it a little and >> try/guess different plugins that may be installed. I got a hit >> with 'hostinfo'. Try this on your server: >> >> http://server/cgi-bin/awstats.pl?config=someconfig&PluginMode=hostinfo+time >> >> Unix time shows up just below 'Whois command failed' error message. >> That's game over in my book. >> >> * Jamie Pratt (jpratt@xxxxxxxxxxx) [050216 01:19]: >> > Still no dice on 6.3, even with the "config=www.site.org" etc,etc.. same >> > error. So.. Can we all agree that 6.3 is not vulnerable, because I'd >> > rather not upgrade to a dev/unstable release for no reason... >> > >> > regards, >> > jamie >> > >> > Herman Sheremetyev wrote: >> > >It works on mine too, though I still have 6.1. I think you may need to >> > >add the config=www.example.com into the url between the '?' and the '&' >> > >for it to work properly though. On my linux boxes with apache 2.0 it >> > >displays the command output in the page but on openbsd with apache 1.3 >> > >it gives a 500 Server Error because the output ends up in the headers >> > >somehow. Either way it works though. >> > > >> > >-Herman >> > > >> >> >
