Hi,

Seems that this flaw already has a script:

AWStats Debug Remote Information Disclosure And Code Execution vulnerabilities
Family: CGI abuses
Nessus Plugin ID: 16456
Bugtraq ID: 12545 12543 12572

>How do I submit this nasl for inclusion in nessus

You can send your script to plugins@private

David

-----Original Message-----
From: plugins-writers-bounces@private [mailto:plugins-writers-bounces@private] On Behalf Of Josh Zlatin-Amishav
Sent: Monday, May 9, 2005 09:18
To: plugins-writers@private
Subject: [Plugins-writers] nasl for awstats <=6.3 vulnerability

Hi,

I wrote a nasl to check for the awstats vulnerability bugtraq ID# 12543. The nasl is shown below. While this is my first nasl I would appreciate any feedback. How do I submit this nasl for inclusion in nessus?

--
 - Josh

#
# This script was written by Josh Zlatin-Amishav <josh at tkos dot co dot il>
#
# This script is released under the GNU GPLv2
#

if(description)
{
 script_id(99999);
 script_bugtraq_id(12543);
 script_version ("$Revision: 1.0 $");

 name["english"] = "AWStats Plugin Multiple Remote Command Execution Vulnerabilities";
 script_name(english:name["english"]);

 desc["english"] = "
The remote host is running AWStats, a free real-time logfile analyzer.

quoted from: http://www.securityfocus.com/bid/12543/discussion/
Multiple remote command execution vulnerabilities reportedly affect AWStats.
These issues are due to an input validation error that allows a remote
attacker to specify commands to be executed in the context of the affected
application.

An attacker may leverage these issues to execute arbitrary commands with the
privileges of the affected web server running the vulnerable scripts. This
may facilitate unauthorized access to the affected computer, as well as other
attacks.

Solution : Upgrade to Awstats 6.4
Risk factor : High";
 script_description(english:desc["english"]);

 summary["english"] = "Checks for vulnerable versions of Awstats";
 script_summary(english:summary["english"]);

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"Copyright (C) 2005 Josh Zlatin-Amishav");

 family["english"] = "CGI abuses";
 script_family(english:family["english"]);

 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 80);
 exit(0);
}

#
# The script code starts here
# Based on awstats_configdir.nasl by David Maciejak

include("http_func.inc");
include("http_keepalive.inc");

port = get_http_port(default:80);
if(!get_port_state(port))exit(0);

# Request awstats.pl with debug=2 under the given directory and
# compare the version banner in the response against the pattern.
function check(url)
{
 req = http_get(item:url +"/awstats.pl?debug=2", port:port);
 res = http_keepalive_send_recv(port:port, data:req);
 if ( res == NULL ) exit(0);
 #
 # Note AWstats 5.6 and 6.4 are not vulnerable
 #
 if ( egrep(pattern:"Advanced Web Statistics (4\.0|5\.[0-5]|5\.[7-9]|6\.[0-3])", string:res) )
 {
  security_hole(port);
  exit(0);
 }
}

# Try the default install path first, then every known CGI directory.
check(url:"/awstats");

foreach dir ( cgi_dirs() )
{
 check(url:dir);
}

_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
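The plugin in the message above decides everything with one egrep pattern over the response body. As an added example (not part of the original message or of Nessus), the Python below runs that pattern over constructed banners to show which version strings it flags, including multi-digit minors. It assumes Python's re matches this pattern the same way NASL's egrep does; banner(), STRICT_PATTERN and the version strings "6.10" and "6.35" are constructed for illustration.

```python
import re

# Version alternation copied unchanged from the plugin's egrep() call.
PLUGIN_PATTERN = r"Advanced Web Statistics (4\.0|5\.[0-5]|5\.[7-9]|6\.[0-3])"
# Assumed stricter variant (not in the original): no digit may follow the
# matched minor number, so "6.10" is not read as "6.1".
STRICT_PATTERN = PLUGIN_PATTERN + r"(?![0-9])"


def flagged_lines(body, pattern=PLUGIN_PATTERN):
    """Return the lines of an HTTP response body that the pattern matches,
    which is what NASL's egrep() hands back to the plugin."""
    rx = re.compile(pattern)
    return [line for line in body.splitlines() if rx.search(line)]


def is_flagged(body, pattern=PLUGIN_PATTERN):
    """True when the plugin would call security_hole() for this body."""
    return bool(flagged_lines(body, pattern))


def banner(version):
    """Constructed response body; the markup is made up for the example."""
    return ("<html><body>\n"
            "<b>Advanced Web Statistics %s</b> - constructed banner\n"
            "</body></html>" % version)


def compare(versions):
    """Map each version string to (plugin verdict, strict verdict)."""
    return {v: (is_flagged(banner(v)), is_flagged(banner(v), STRICT_PATTERN))
            for v in versions}


if __name__ == "__main__":
    # "6.10" and "6.35" are constructed strings, not known releases.
    for version, (plugin, strict) in compare(
            ["4.0", "5.5", "5.6", "5.9", "6.3", "6.4", "6.10", "6.35"]).items():
        print("%-5s plugin=%-5s strict=%s" % (version, plugin, strict))
```

Because the pattern has no boundary after the minor digit, any banner whose version merely begins with a listed value is reported; the lookahead variant limits the match to the listed values themselves.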
This archive was generated by hypermail 2.1.3 : Mon May 09 2005 - 05:21:47 PDT