Advisory for A1Stats

Type securityvulns
Reporter Securityvulns
Modified 2001-05-10T00:00:00


[ Advisory for A1Stats ] [ A1Stats is made by Drummond Miles ] [ Site: ] [ by nemesystm of the DHC ] [ ( - ] [ ADV-0114 ]

/-|=[explanation]=|-\ A1Stats is a CGI package to track website traffic. The package has a view files bug and also gives the possibility to overwrite existing files.

/-|=[who is vulnerable]=|-\ Anyone using a A1Stats that was downloaded before 24/04/01.

/-|=[testing it]=|-\ To test these vulnerabilities, try the following. These two will give you /etc/passwd. This will also give you /etc/passwd but it will show it in a very mangled manner as the CGI adds HTML tags to what it thinks is a file it created itself.

One can also open a file and wreck its contents. http://localhost/cgi-bin/a1stats/a1disp.cgi?|echo%20>a1admin.txt| will empty a1admin.txt. a1admin.txt contains the password to change settings of the CGI. When this file is removed, no one can log in anymore.

/-|=[fix]=|-\ Downloading the latest version will solve this problem. Free, encrypted, secure Web-based email at