For the past several days, I have been seeing thousands of requests looking for awstats.pl like this one:
GET /awstats/awstats.pl ? configdir=|echo;echo YYYAAZ;uname;id;echo YYY;echo| I am dropping these requests due to previous (and very old) issues with awstats (see CVE-2006-3682). But this leaves me wondering if there is a new vuln lurking here somewhere. Anyone else seeing the same thing? Regards, Lamar Spells _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
