Hello list,

I noticed that there weren't any NASLs that specifically checked for the
presence of AWStats on web servers, only ones that checked for specific
versions vulnerable to a specific bug, which never report to the user that
AWStats exists at all on the server. With access to a website's AWStats, an
attacker/user is provided an abundance of potentially interesting data, such
as location of administrative backends, logfiles, Basic-Auth usernames, etc.

I have attached a NASL that will attempt to search for open AWStats on a web
server and report if any are found.

Regards,
Gareth
www.sensepost.com