Mailing List Archive

nasl for awstats <=6.3 vulnerability
Hi,
I wrote a nasl to check for the awstats vulnerability bugtraq ID# 12543.
The nasl is shown below. While this is my first nasl I would appreciate
any feedback. How do I submit this nasl for inclusion in nessus?
--
- Josh

#
# This script was written by Josh Zlatin-Amishav <josh at tkos dot co dot il>
#
# This script is released under the GNU GPLv2
#

if(description)
{
 script_id(99999);
 script_bugtraq_id(12543);
 script_version ("$Revision: 1.0 $");

 name["english"] = "AWStats Plugin Multiple Remote Command Execution Vulnerabilities";
 script_name(english:name["english"]);

 desc["english"] = "
The remote host is running AWStats, a free real-time logfile analyzer.

quoted from: http://www.securityfocus.com/bid/12543/discussion/

Multiple remote command execution vulnerabilities reportedly affect AWStats.
These issues are due to an input validation error that allows a remote attacker
to specify commands to be executed in the context of the affected application.

An attacker may leverage these issues to execute arbitrary commands with the
privileges of the affected web server running the vulnerable scripts. This may
facilitate unauthorized access to the affected computer, as well as other
attacks.

Solution : Upgrade to Awstats 6.4
Risk factor : High";

 script_description(english:desc["english"]);

 summary["english"] = "Checks for vulnerable versions of Awstats";

 script_summary(english:summary["english"]);

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"Copyright (C) 2005 Josh Zlatin-Amishav");

 # The family is set once, in the same style as name/desc/summary
 family["english"] = "CGI abuses";
 script_family(english:family["english"]);
 script_dependencie("http_version.nasl");
 script_require_ports("Services/www", 80);
 exit(0);
}

#
# The script code starts here
# Based on awstats_configdir.nasl by David Maciejak

include("http_func.inc");
include("http_keepalive.inc");
port = get_http_port(default:80);

if(!get_port_state(port))exit(0);

# Request awstats.pl under the given directory and report the host if the
# version string in the response is in the affected range.
function check(url)
{
 local_var req, res;

 req = http_get(item:url +"/awstats.pl?debug=2", port:port);
 res = http_keepalive_send_recv(port:port, data:req);
 if ( res == NULL ) exit(0);
 #
 # Note AWstats 5.6 and 6.4 are not vulnerable
 #
 # The pattern must stay on one line: egrep() tests one line at a time
 if ( egrep(pattern:"Advanced Web Statistics (4\.0|5\.[0-5]|5\.[7-9]|6\.[0-3])", string:res) )
 {
  security_hole(port);
  exit(0);
 }
}

# Try the default /awstats location first, then every known CGI directory
check(url:"/awstats");
foreach dir ( cgi_dirs() )
{
 check(url:dir);
}
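
Added example, not part of the original post or of Nessus: the plugin's version pattern run over constructed response bodies, to show which version strings it flags and what happens when mail wrapping splits the pattern across two lines. It assumes egrep() tests one line at a time, as grep does; the banner layout and build number are made up for the test.

```python
import re

# The plugin's pattern on a single line, as intended.
PATTERN = r"Advanced Web Statistics (4\.0|5\.[0-5]|5\.[7-9]|6\.[0-3])"
# The same pattern after mail wrapping: the space before "(" is now a
# newline, which no single line of a response can contain.
WRAPPED = "Advanced Web Statistics\n" + r"(4\.0|5\.[0-5]|5\.[7-9]|6\.[0-3])"


def egrep(pattern, text):
    """Mimic a line-based egrep: return the lines of text matching pattern."""
    rx = re.compile(pattern)
    return [line for line in text.splitlines() if rx.search(line)]


def flagged(body, pattern=PATTERN):
    """True when the check would report the host for this response body."""
    return bool(egrep(pattern, body))


def banner(version):
    """Constructed sample response; the real page layout may differ."""
    return ("<html><body>statistics page\n"
            f"<b>Advanced Web Statistics {version} (build 1.0)</b>\n"
            "</body></html>")


def sweep(versions, pattern=PATTERN):
    """Map each version string to whether the pattern flags its banner."""
    return {v: flagged(banner(v), pattern) for v in versions}


if __name__ == "__main__":
    versions = ["4.0", "5.5", "5.6", "6.0", "6.3", "6.4", "6.5"]
    print("one-line pattern:", sweep(versions))
    print("wrapped pattern: ", sweep(versions, WRAPPED))
    # The pattern is not anchored after the minor digit, so a constructed
    # string such as "6.30" is flagged on its "6.3" prefix.
    print("6.30 flagged:", flagged(banner("6.30")))
```

The wrapped form fails silently: every version comes back unflagged, so a scan would report nothing rather than raise an error.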

RE: nasl for awstats <=6.3 vulnerability
Hi,

It seems that this flaw already has a script:

AWStats Debug Remote Information Disclosure And Code Execution vulnerabilities

Family CGI abuses
Nessus Plugin ID 16456
Bugtraq ID 12545 12543 12572


>How do I submit this nasl for inclusion in nessus
You can send your script to plugins@nessus.org


David

-----Original Message-----
From: plugins-writers-bounces@list.nessus.org [mailto:plugins-writers-bounces@list.nessus.org] On Behalf Of Josh Zlatin-Amishav
Sent: Monday, May 9, 2005 09:18
To: plugins-writers@list.nessus.org
Subject: [Plugins-writers] nasl for awstats <=6.3 vulnerability
