.. / CVE-2012-4547

Exploit for AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting (CVE-2012-4547)

Description:

AWStats is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

Nuclei Template

View the template here CVE-2012-4547.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2012/CVE-2012-4547.yaml
Copy

References:

http://openwall.com/lists/oss-security/2012/10/29/7
https://www.exploit-db.com/exploits/36164
http://awstats.sourceforge.net/docs/awstats_changelog.txt
https://nvd.nist.gov/vuln/detail/CVE-2012-4547
http://openwall.com/lists/oss-security/2012/10/26/1