AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability

There is no exploit required, the following example is available:|telnet <your ip> <port>

Where the '&config' parameter value is the configuration file for It is reported that the configuration filename can be harvested from the HTML source of the awstats page for the target site.


Privacy Statement
Copyright 2010, SecurityFocus