6 matches found
http-awstatstotals-exec NSE Script
Exploits a remote code execution vulnerability in Awstats Totals 1.0 up to 1.14 and possibly other products based on it (CVE: 2008-3922). This vulnerability can be exploited through the GET variable sort. The script queries the web server with the command payload encoded using PHP's chr function:...
AWStats Totals 1.14 Remote Command Execution
$Id: awstatstotalsmultisort.rb 12715 2011-05-25 10:45:36Z patrickw $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
AWStats Totals multisort Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the AWStats Totals PHP script. AWStats Totals version v1.0 - v1.14 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
CVE-2008-3922
creationtimestamp| type| source
---|---|---
2008-09-05 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/6368
2011-05-25 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/17324
2018-05-29 15:50:33+00:00| seen| ...
CVE-2008-3922
CVE-2008-3922 affects AWStats Totals (awstatstotals.php) versions 1.0–1.14. The vulnerability stems from unsanitized sort parameter usage in multisort(), enabling remote code execution by crafting PHP sequences to create an anonymous PHP function. Public references and tooling include Exploit-DB ...
AWStats Totals awstatstotals.php multisort() Function sort Parameter Arbitrary PHP Code Execution
The remote web server is running a version of awstatstotals.php which does not properly sanitize its 'sort' argument. An attacker can run arbitrary commands on the remote host within the context of the web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...