- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 25108
- Проверка EDB
-
- Пройдено
- Автор
- [email protected]
- Тип уязвимости
- WEBAPPS
- Платформа
- CGI
- CVE
- N/A
- Дата публикации
- 2005-02-16
Код:
source: https://www.securityfocus.com/bid/12572/info
AWStats is reported prone to a remote arbitrary command-execution vulnerability. This issue occurs because the application fails to properly sanitize user-supplied data.
Specifically, the user-specified 'logfile' URI parameter is supplied to the Perl 'open()' routine. This issue is considered distinct from BID 10950 (AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability).
AWStats versions 5.4 to 6.1 are reported vulnerable to this issue.
http://www.example.com/cgi-bin/awstats.pl?update=1&logfile=|/bin/ls|- Источник
- www.exploit-db.com
