AWStats <= 6.4 - 'awstats.pl' Multiple Path Disclosure Vulnerability

2009-04-19T00:00:00
ID EDB-ID:32870
Type exploitdb
Reporter r0t
Modified 2009-04-19T00:00:00

Description

AWStats 6.4 'awstats.pl' Multiple Path Disclosure Vulnerability. CVE-2006-3682. Webapps exploit for cgi platform

                                        
                                            source: http://www.securityfocus.com/bid/34159/info

AWStats is prone to a path-disclosure vulnerability.

Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer.

The following are vulnerable:

AWStats 6.5 (build 1.857) and prior
WebGUI Runtime Environment 0.8.x and prior

http://www.example.com/awstats/awstats.pl?config=HACKdestailleur.fr