[Snort-sigs] Rule Submit: AWstats Migrate Remote File Include
bhartstein at ...274...
Fri May 5 15:49:02 EDT 2006
This vulnerability only exists when AllowToUpdateStatsFromBrowser is
enabled, which is off by default.
The migrate parameter is passed to an open command without proper
sanitization, which would allow a remote attacker to issue commands
using a PIPE character '|'.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS
(msg:"BLEEDING-EDGE WEB CGI AWstats Migrate Command Attempt";
flow:established,to_server; uricontent:"/awstats.pl?"; nocase;
classtype:web-application-attack; sid:59595959; rev:1; )
This email and any files transmitted with it are solely intended for the use of the addressee(s) and may contain information that is confidential and privileged. If you receive this email in error, please advise us by return email immediately. Please also disregard the contents of the email, delete it and destroy any copies immediately. Demarc Security, Inc. does not accept liability for the views expressed in the email or for the consequences of any computer viruses that may be transmitted with this email.
This email is also subject to copyright. No part of it should be reproduced, adapted or transmitted without the written consent of the copyright owner.
More information about the Snort-sigs