Current time: 12-23-2024, 10:10 PM Hello There, Guest! (LoginRegister)


Post Reply 
AWStats Patch for [ 2001151 ] XSS Issue
Author Message
FeG Offline
Banned

Posts: 222
Joined: Aug 2007
Post: #1
AWStats Patch for [ 2001151 ] XSS Issue
Hi all,

I guess that the AWStats coming with ispCP is affected by the XSS vulnerabilty described here: http://sourceforge.net/tracker/index.php...tid=113764

If so, I'd suppose the attached patch, which is an adapted modification from this one: http://awstats.cvs.sourceforge.net/awsta...view=patch

You can apply this patch by saving the given patch as /usr/lib/cgi-bin/awstats.patch and then executing:
Code:
$ cd /usr/lib/cgi-bin/
$ patch -p0 < awstats.patch
$ rm awstats.patch

Greetings
FeG

PS: On my ispCP / AWStats installation I could not get the POC running, but I'm not sure that it doesn't because Firefox does some blocks on XSS.


Attached File(s)
.txt  awstats.patch.txt (Size: 705 bytes / Downloads: 13)
(This post was last modified: 08-20-2008 01:17 AM by FeG.)
08-19-2008 09:41 PM
Find all posts by this user Quote this message in a reply
Post Reply 


Messages In This Thread
AWStats Patch for [ 2001151 ] XSS Issue - FeG - 08-19-2008 09:41 PM

Forum Jump:


User(s) browsing this thread: 2 Guest(s)