Full Disclosure mailing list archives
Re: New awstats.pl vulnerability?
From: Grandma Eubanks <tborland1 () gmail com>
Date: Mon, 12 Dec 2011 20:02:53 -0600
Hello,

It certainly happens. It's very random who scanners decide to hit. You may have JUST been crawled and passed around several lists as possibilities.

To put some perspective on what you're seeing, the company I work for has about 3k clients and within the past hour (just checked now), we got about 5,122 attempts for this one vulnerability in our environment.

On Mon, Dec 12, 2011 at 6:30 PM, Lamar Spells <lamar.spells () gmail com> wrote:
For the past several days, I have been seeing thousands of requests looking for awstats.pl like this one:

GET /awstats/awstats.pl ? configdir=|echo;echo YYYAAZ;uname;id;echo YYY;echo|

I am dropping these requests due to previous (and very old) issues with awstats (see CVE-2006-3682). But this leaves me wondering if there is a new vuln lurking here somewhere. Anyone else seeing the same thing?

Regards,
Lamar Spells

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
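Added example, not part of either poster's message: a Python script that scans combined-format access log lines for the request pattern quoted above (an awstats.pl request whose configdir parameter carries shell metacharacters) and counts attempts per client, which is one way to answer "how many of these am I seeing". The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Client address and request target from a combined-format access log line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>.*?) HTTP/[\d.]+"')
# Characters with no place in a directory path that shell injection relies on.
SHELL_META = re.compile(r'[|;`&<>\n]|\$\(')

def configdir_values(target):
    """Return decoded configdir values if the request targets awstats.pl, else []."""
    path, _, query = target.partition('?')
    if not unquote_plus(path).strip().lower().endswith('awstats.pl'):
        return []
    values = []
    for pair in query.split('&'):  # split before decoding so an encoded '&' stays in the value
        name, _, value = pair.partition('=')
        if unquote_plus(name).strip().lower() == 'configdir':
            values.append(unquote_plus(value))
    return values

def scan(lines):
    """Return (hits, per_ip): flagged (ip, configdir) pairs and a count per client."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for value in configdir_values(m.group('target')):
            if SHELL_META.search(value):
                hits.append((m.group('ip'), value))
    return hits, Counter(ip for ip, _ in hits)

# Constructed sample log lines (documentation address ranges), raw and percent-encoded forms.
SAMPLE = [
    '192.0.2.10 - - [12/Dec/2011:18:01:02 -0600] "GET /awstats/awstats.pl?configdir=|echo;echo%20YYYAAZ;uname;id;echo%20YYY;echo| HTTP/1.1" 403 199',
    '192.0.2.10 - - [12/Dec/2011:18:01:03 -0600] "GET /awstats/awstats.pl?configdir=%7Cecho%3Becho%20YYYAAZ%3Buname%3Bid%3Becho%20YYY%3Becho%7C HTTP/1.1" 403 199',
    '198.51.100.7 - - [12/Dec/2011:18:02:00 -0600] "GET /awstats/awstats.pl?config=example.org HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Dec/2011:18:02:05 -0600] "GET /awstats/awstats.pl?config=example.org&configdir=/etc/awstats HTTP/1.1" 200 5120',
    '203.0.113.5 - - [12/Dec/2011:18:03:00 -0600] "GET /index.html?q=a|b HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    hits, per_ip = scan(SAMPLE)
    for ip, count in per_ip.most_common():
        print(f"{ip}: {count} configdir injection attempt(s)")
```

Decoding before matching means the percent-encoded variant is caught by the same rule, while ordinary awstats requests, including a plain configdir path, are not flagged.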
Current thread:
- New awstats.pl vulnerability? Lamar Spells (Dec 12)
- Re: New awstats.pl vulnerability? Grandma Eubanks (Dec 12)
- Re: New awstats.pl vulnerability? Bruce Ediger (Dec 12)
- Re: New awstats.pl vulnerability? Nikolay Kichukov (Dec 12)
- Re: New awstats.pl vulnerability? Lamar Spells (Dec 13)
- Re: New awstats.pl vulnerability? Lamar Spells (Dec 16)
- Re: New awstats.pl vulnerability? Lamar Spells (Dec 22)
- Re: New awstats.pl vulnerability? james (Dec 22)
- Re: New awstats.pl vulnerability? xD 0x41 (Dec 23)
- Re: New awstats.pl vulnerability? Nikolay Kichukov (Dec 12)