| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CANtF8NBxgiMF_L7L_wQEUV7ekK9D5aKhxgoKd-ZVXZ1yu+325Q@mail.gmail.com>
Date: Mon, 12 Dec 2011 20:02:53 -0600
From: Grandma Eubanks <tborland1@...il.com>
To: Lamar Spells <lamar.spells@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: New awstats.pl vulnerability?
Hello,
It certainly happens. It's very random who scanners decide to hit. You may
have JUST been crawled and passed around several lists as possibilities. To
put some perspective on what you're seeing, the company I work for has
about 3k clients and within the past hour (just checked now), we got abut
5,122 attempts for this one vulnerability in our environment.
On Mon, Dec 12, 2011 at 6:30 PM, Lamar Spells <lamar.spells@...il.com>wrote:
> For the past several days, I have been seeing thousands of requests
> looking for awstats.pl like this one:
>
> GET /awstats/awstats.pl ? configdir=|echo;echo YYYAAZ;uname;id;echo
> YYY;echo|
>
> I am dropping these requests due to previous (and very old) issues
> with awstats (see CVE-2006-3682).
>
> But this leaves me wondering if there is a new vuln lurking here somewhere.
>
> Anyone else seeing the same thing?
>
> Regards,
>
> Lamar Spells
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists