BugTraq
Back to list
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
Re: AWStats <= 6.4 Multiple vulnerabilities - can't reproduce in 6.3?
Feb 16 2005 08:52PM
Micah Brandon (brandon vv com)
I'm going to have to disagree. Execution of Perl functions
is still possible in 6.3. You just have to jimmy it a little and
try/guess different plugins that may be installed. I got a hit
with 'hostinfo'. Try this on your server:
http://server/cgi-bin/awstats.pl?config=someconfig&PluginMode=...
[ more ]
Privacy Statement
Copyright 2010, SecurityFocus
I'm going to have to disagree. Execution of Perl functions
is still possible in 6.3. You just have to jimmy it a little and
try/guess different plugins that may be installed. I got a hit
with 'hostinfo'. Try this on your server:
http://server/cgi-bin/awstats.pl?config=someconfig&PluginMode=...
[ more ]