Name: AWStats migrate Parameter Arbitrary Command Execution
Excluded KB Items: Settings/disable_cgi_scanning
CPE: cpe:/a:laurent_destailleur:awstats
Exploit Available: True (Metasploit Framework, Exploit-DB, Core Impact)

The remote web server contains a CGI script that allows for the execution of arbitrary commands.

The remote host is running AWStats, a free logfile analysis tool written in Perl. The version of AWStats installed on the remote host fails to sanitize input to the 'migrate' parameter before passing it to a Perl 'open()' function. Provided 'AllowToUpdateStatsFromBrowser' is enabled in the AWStats site configuration file, an unauthenticated attacker can exploit this issue to execute arbitrary code on the affected host, subject to the privileges of the web server user id.

Here's the list of publicly known exploits and PoCs for verifying the AWStats migrate Parameter Arbitrary Command Execution vulnerability:

- Metasploit: exploit/unix/webapp/awstats_migrate_exec
- Exploit-DB: exploits/cgi/webapps/9909.rb
- Exploit-DB: exploits/cgi/webapps/16886.rb

Before running any exploit against any system, make sure you are authorized by the owner of the target system(s) to perform such activity. In any other case, this would be considered as an illegal activity.

WARNING: Beware of using unverified exploits from sources such as GitHub or Exploit-DB. These exploits and PoCs could contain malware. For more information, see how to use exploits safely.

Risk Information

CVSS V2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:ND
CVSS Base Score:

This is the awstats_migrate_cmd_exec.nasl nessus plugin source code. This script is Copyright (C) 2006-2022 and is owned by Tenable, Inc.

```
script_set_attribute(attribute:"plugin_modification_date", value:"1");

script_name(english:"AWStats migrate Parameter Arbitrary Command Execution");

script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a CGI script that allows for the
execution of arbitrary commands.");
script_set_attribute(attribute:"description", value:
"The remote host is running AWStats, a free logfile analysis tool
written in Perl.
The version of AWStats installed on the remote host fails to sanitize
input to the 'migrate' parameter before passing it to a Perl 'open()'
function. Provided 'AllowToUpdateStatsFromBrowser' is enabled in the
AWStats site configuration file, an unauthenticated attacker can exploit
this issue to execute arbitrary code on the affected host, subject to
the privileges of the web server user id.");
script_set_attribute(attribute:"see_also", value:"");
script_set_attribute(attribute:"solution", value:
"Upgrade to AWStats version 6.6 or later.");
```