Full Disclosure
mailing list archives
Re: New awstats.pl vulnerability?
From: Grandma Eubanks <tborland1 () gmail com>
Date: Mon, 12 Dec 2011 20:02:53 -0600
Hello,
It certainly happens. It's very random who scanners decide to hit. You may
have JUST been crawled and passed around several lists as possibilities. To
put some perspective on what you're seeing, the company I work for has
about 3k clients and within the past hour (just checked now), we got about
5,122 attempts for this one vulnerability in our environment.
On Mon, Dec 12, 2011 at 6:30 PM, Lamar Spells <lamar.spells () gmail com> wrote:
For the past several days, I have been seeing thousands of requests
looking for awstats.pl like this one:
GET /awstats/awstats.pl ? configdir=|echo;echo YYYAAZ;uname;id;echo
YYY;echo|
I am dropping these requests due to previous (and very old) issues
with awstats (see CVE-2006-3682).
But this leaves me wondering if there is a new vuln lurking here somewhere.
Anyone else seeing the same thing?
Regards,
Lamar Spells
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
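
A log check for the request pattern quoted in the thread above, as an added example that is not part of either poster's message: it counts, per source address, requests for awstats.pl whose configdir parameter carries shell metacharacters, in both raw and URL-encoded form. Combined Log Format is assumed; the sample log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote, unquote_plus

# Assumed Combined Log Format: client IP first, then the quoted request line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (?P<target>.*?) HTTP/[\d.]+" ')

# Characters that have no place in a directory name passed as configdir.
SHELL_META = set("|;`$&<>")

# Constructed sample input (documentation addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Dec/2011:18:01:02 -0600] "GET /awstats/awstats.pl?configdir=%7Cecho%3Becho%20YYYAAZ%3Buname%3Bid%3Becho%20YYY%3Becho%7C HTTP/1.1" 404 209
192.0.2.10 - - [12/Dec/2011:18:01:03 -0600] "GET /cgi-bin/awstats.pl ? configdir=|echo;echo YYYAAZ;uname;id;echo YYY;echo| HTTP/1.0" 404 209
198.51.100.7 - - [12/Dec/2011:18:02:10 -0600] "GET /awstats/awstats.pl?config=example.org HTTP/1.1" 200 5120
203.0.113.5 - - [12/Dec/2011:18:03:44 -0600] "GET /index.html HTTP/1.1" 200 1043
"""

def is_awstats_probe(target):
    """True if the request targets awstats.pl with shell metacharacters in configdir."""
    # The request quoted in the thread has padding around '?', so strip both halves.
    path, _, query = target.partition("?")
    if not unquote(path).strip().lower().endswith("awstats.pl"):
        return False
    # Split on '&' only: the probe value itself contains ';'.
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name).strip().lower() != "configdir":
            continue
        if SHELL_META & set(unquote_plus(value)):
            return True
    return False

def count_probes(log_text):
    """Return a Counter mapping source IP to number of probe requests."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_awstats_probe(m.group("target")):
            hits[m.group("ip")] += 1
    return hits

if __name__ == "__main__":
    for ip, n in count_probes(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n}")
```
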