Information Leakage : Vulnerable Checks on Open Awstats and Webalizer
AKS aka 0kn0ck , CERA
View:
Traffic analyzers keep track of incoming requests and the type of resource requested. They cover not only how the
server is working but also its bandwidth and resource utilization. The raw stats show how each request is made by the
client or user, which helps in understanding the flow of traffic and the place from where it originates.
It has been noticed that server administration problems result in openly accessible awstats or webalizer files. Through
Google dorking it is possible to traverse the indexed websites to find the vulnerable ones. After finding a number
of websites, it is worth looking at the error responses and the genuine traffic lists. These
leak a lot of information about the traffic and the configuration of the server. That favors the penetration process as well
as hacking in other senses too. Let's look at the information extracted:
Error Check 1: Path Information of Websites.
Error: Couldn't open config file "awstats.cgi.racing.hu.conf" nor "awstats.conf" after searching
in path "e:\www\racing.cgi\awstat,/etc/awstats,/usr/local/etc/awstats,/etc,/etc/opt/awstats":
No such file or directory
- Did you use the correct URL ?
Example: http://localhost/awstats/awstats.pl?config=mysite
Example: http://127.0.0.1/cgi-bin/awstats.pl?config=mysite
- Did you create your config file 'awstats.cgi.racing.hu.conf' ?
If not, you can run "e:\www\racing.cgi\awstat/tools/awstats_configure.pl" from command line, or create it manually.
Check config file, permissions and AWStats documentation (in 'docs' directory).
Error Check 2 : Local Server Configuration Check.
CGIWrap Error: Script File Not Found!
Script File Not Found!
Local Information and Documentation:
Contact EMail: abi@zone.ee
Server Data:
Server Administrator/Contact: apache-admins@zone.ee
Server Name: elica.fi
Server Port: 80
Server Protocol: HTTP/1.0
Virtual Host: elica.fi
Request Data:
User Agent/Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4
Request Method: GET
Remote Address: 210.212.48.4
Remote Port: 49450
Extra Path Info: /virt7652/awstat.pl
Referring Page: http://www.google.co.in/search?hl=en&q=inurl%3Aawstat.pl++&btnG=Search&meta=
Error Check 3 : Index Check.
Index of /stats/awstat
* Parent Directory
* stats_www.html
:: progressive ::
Array ( ) Array ( [page] => awstat )
awstat
awstats
test
php.php
test.php
test2.php
Error Check 4 : Direct Traffic Stats.
AWStats V5.2
Statistics of : www.haibei.net
Last Update : 15 Mar 2008 - 04:50
Reported period :
When : Month/Day Days of week Hours
Who : Domains/Countries Hosts Full list Last visit Unresolved IP Address Robots/Spiders visitors Full list Last visit
Navigation : Visits duration Viewed Full list Entry Exit Files type Operating Systems Browsers Versions
Referers : Origin Refering search engines Refering sites Search Search Keyphrases Search Keywords
Others : HTTP Errors Pages not found
First visit Summary Last visit
01 Mar 2008 - 00:00 Month Mar 2008 15 Mar 2008 - 04:44
Unique visitors Number of visits Pages Hits Bandwidth
2685 4281
(1.59 visits/visitor) 14650
(3.42 pages/visit) 15837
(3.69 hits/visit) 1.15 GB
(280.91 KB/visit)
Error Check 5 : Getting Plugins Information.
Parent Directory 26-Jun-2007 06:18 -
[TXT] decodeutfkeys.pm 26-Feb-2007 08:31 3k
[DIR] example/ 26-Feb-2007 08:31 -
[TXT] geoip.pm 26-Feb-2007 08:31 7k
[TXT] geoipfree.pm 26-Feb-2007 08:31 4k
[TXT] graphapplet.pm 26-Feb-2007 08:32 5k
[TXT] hashfiles.pm 26-Feb-2007 08:32 5k
[TXT] hostinfo.pm 26-Feb-2007 08:32 7k
[TXT] ipv6.pm 26-Feb-2007 08:32 2k
[TXT] rawlog.pm 26-Feb-2007 08:32 5k
[TXT] timehires.pm 26-Feb-2007 08:32 2k
[TXT] timezone.pm 26-Feb-2007 08:32 3k
[TXT] tooltips.pm 26-Feb-2007 08:32 8k
[TXT] urlalias.pm 26-Feb-2007 08:32 5k
[TXT] userinfo.pm 26-Feb-2007 08:32 4k
Error Check 6 : Application Access Error Codes.
692 1 0.02% 535 authorization failed delphi
693 1 0.02% 535 authorization failed mdaemon
694 1 0.02% 544 5.7.1 client host rejected access denied
695 1 0.02% 544 smtp error unable to route to domain
696 1 0.02% 544 unable to route to domain.
697 1 0.02% 550 5.7.1 requested action not taken: message refused (in reply
698 1 0.02% 550 5.7.1 requested action not taken: message refused form php
699 1 0.02% 550 authentication is required for relay windows vista outlook
700 1 0.02% 550 backend replied
701 1 0.02% 550 domain of forward path is not allowed domino
702 1 0.02% 550 domain of forward path is not allowed error in imss
703 1 0.02% 550 domain of forward path is not allowed exchange 2007
704 1 0.02% 550 invalid recipient javamail
705 1 0.02% 550 invalid recipient port: 25 secure(ssl): no server error: 55
706 1 0.02% 550 mailbox unavailable or access denied
707 1 0.02% 550 mailbox unavailable or access denied javamail
708 1 0.02% 550 relaying mail to msn.com is not allowed outlook 2007 vista
709 1 0.02% 550 relaying mail to xxx is not allowed office outlook
710 1 0.02% 550 relaying mail to... error number:0x800ccc69
711 1 0.02% 550 smtp bellsouth unauthorized interface
712 1 0.02% 550 too many invalid recipients
713 1 0.02% 550 unauthorized interface from bellsouth mail server
789 1 0.02% \554 transaction failed spam message not queued
1944 1 0.02% nokia smart suite 6227 free
1945 1 0.02% nokia software updater error 1327. invalid drive: d:\
1946 1 0.02% nokia software updater error 1720
1947 1 0.02% norton 3038 103
1948 1 0.02% norton [program name] has a license problem... (3038102)
1949 1 0.02% norton antivirus error 3038102
1950 1 0.02% norton antivirus error code 10 mac os x
1951 1 0.02% norton error 412 cisco
1952 1 0.02% norton error 5011360
1953 1 0.02% norton error 8700108
1954 1 0.02% norton internal error 2330
1955 1 0.02% norton internal error 3038103
1956 1 0.02% norton internal program error
1957 1 0.02% norton internal program error 3038107
1958 1 0.02% norton license problem (3038 102)
1959 1 0.02% norton license problem 3038 102
1855 1 0.02% message status transaction error bad format blackberry
1856 1 0.02% message status: transaction error ?? bad format blackberry
1857 1 0.02% message still undelivered after 4 hours will keep trying until
1858 1 0.02% message temporarily deferred - [70]
1859 1 0.02% messagelabs
1860 1 0.02% messaging agent failed to start error code 5302
1861 1 0.02% messagingexception: 550 5.7.1 access denied
1862 1 0.02% messagingexception: 550 5.7.1 requested action not taken
1863 1 0.02% mfc 5460 remote setup password
1738 1 0.02% kyocera 1820 error 1102
1739 1 0.02% kyocera 1820 folder ip config send
1740 1 0.02% kyocera 1820 hacking
1741 1 0.02% kyocera 1820 ssl
1742 1 0.02% kyocera 1920 how to reset admin password
1743 1 0.02% kyocera 2550 unable to find smtp
1744 1 0.02% kyocera 3050 default password
1745 1 0.02% kyocera 3050 error 1101
1746 1 0.02% kyocera 3050 error 2101
1747 1 0.02% kyocera error 1102
1748 1 0.02% kyocera error 1106
1408 1 0.02% exchange 2003 #5.5.0 smtp;571 delivery not authorized message r
1409 1 0.02% exchange 2003 responded to the smtp command rcpt with 553 sorry
1410 1 0.02% exchange 2003 sizelimit; message size exceeds fixed maximum siz
1411 1 0.02% exchange 2003 the remote server returned an error: (401) unauth
1412 1 0.02% exchange 2003 there was a smtp communication problem with the r
1413 1 0.02% exchange 2003 tr-
1414 1 0.02% exchange 2007 and event id: 4001 and ms exchange system attenda
Error Check 7 : Direct Search Information
Summary Period: July 2001 - Search String
Generated 01-Aug-2001 04:07 CDT
Hits Search String
---------------- ----------------------
282 1.43% character education
182 0.92% john dewey
101 0.51% cartoons
94 0.48% philosophy of education
93 0.47% www.irs.gov
93 0.47% www.irs.gov.com
72 0.36% snoopy
58 0.29% dove
55 0.28% virtual cdrom
41 0.21% n32d408.exe
40 0.20% papyrus
38 0.19% yahoo briefcase download limit hacker 2.1.1
37 0.19% navy pier
35 0.18% human anatomy
35 0.18% universe
35 0.18% woodstock
33 0.17% cuip
33 0.17% sendtox
32 0.16% monkey
32 0.16% philosophy of education society
32 0.16% xcdroast
30 0.15% akenaton
29 0.15% john dewey quotes
26 0.13% energy
26 0.13% panther
25 0.13% old software
25 0.13% telnet
25 0.13% virtual cdrom drive
24 0.12% convert pdf to doc
23 0.12% irs.gov.com
23 0.12% swf to fla converter
22 0.11% wit
21 0.11% steven hawkings
21 0.11% videowave 4 warez
20 0.10% camel
20 0.10% hector.mpg
20 0.10% nuclear
20 0.10% orangefolder
20 0.10% sears tower
20 0.10% snoopy clip art
20 0.10% swf decompiler
20 0.10% yvette gartner
19 0.10% html pull down menu
19 0.10% supplemental application
19 0.10% videowave crack
19 0.10% water cycle
18 0.09% irs.gov
18 0.09% john dewey society
18 0.09% nuclear power plant
18 0.09% power plant
17 0.09% animated gifs download
17 0.09% blue ribbon clip art
17 0.09% disney cartoons
17 0.09% javascript scrollbar
17 0.09% joel maguen
17 0.09% porsha
17 0.09% smiley images
17 0.09% snake
Error Check 8 : Webalizer Traffic stats
           Daily Avg                        Monthly Totals
Month      Hits    Files   Pages   Visits   Sites   KBytes      Visits   Pages     Files     Hits
Mar 2008   165977  132858  76546   19691    53737   92105178    295373   1148193   1992874   2489656
Feb 2008   166019  136002  81461   13138    95267   309424819   381013   2362376   3944085   4814561
Jan 2008   181919  155256  86376   14038    90696   417596373   435198   2677668   4812940   5639489
Dec 2007   140058  117435  78866   12384    81869   287056412   383917   2444856   3640492   4341822
Nov 2007   148238  125516  75345   12871    76871   254663062   386145   2260356   3765493   4447144
Oct 2007   122938  103101  74182   12967    82709   198524831   401992   2299655   3196148   3811108
Sep 2007   115554  96966   69585   12271    66712   190078152   368149   2087551   2908981   3466637
Aug 2007   138219  118323  81636   18094    74411   235824127   560933   2530720   3668030   4284814
Jul 2007   178944  147451  104875  25886    70185   389038291   802485   3251139   4570984   5547276
Jun 2007   167664  144674  98422   23012    72357   212005310   690388   2952689   4340245   5029931
May 2007   155388  130451  89300   15347    75329   213253642   475785   2768312   4043996   4817056
Apr 2007   146722  126824  94193   14829    80074   195840228   444882   2825815   3804731   4401666
Totals                                              2995410425  5626260  29609330  44688999  53091160
Error Check 9 : Getting Code Files
use Tk::TextEdit;
use vars qw/$TOP/;
my $TOP;
my $text_frame;
my $counter_frame;
my $textwindow;
my $current_line_label;
my $total_line_label;
my $current_column_label;
my $insert_overstrike_mode_label;
my $about_pop_up_reference;
my $menu;
my $help_menu;
sub about_pop_up
{
my $name = ref($about_pop_up_reference);
if (defined($about_pop_up_reference))
{
$about_pop_up_reference->raise;
$about_pop_up_reference->focus;
}
else
{
my $pop = $TOP->Toplevel();
$pop->title("About");
$pop->Label(-text=>"Gedi (Gregs EDItor)")->pack();
$pop->Label(-text=>"Ver. 1.0")->pack();
$pop->Label(-text=>"Copyright 1999")->pack();
$pop->Label(-text=>"Greg London")->pack();
$pop->Label(-text=>"All Rights Reserved.")->pack();
$pop->Label(-text=>"This program is free software.")->pack();
$pop->Label(-text=>"You can redistribute it and/or")->pack();
$pop->Label(-text=>"modify it under the same terms")->pack();
$pop->Label(-text=>"as Perl itself.")->pack();
$pop->Label(-text=>"Special Thanks to")->pack();
$pop->Label(-text=>"Nick Ing-Simmons.")->pack();
my $button_ok = $pop->Button(-text=>'OK',
-command => sub {$pop->destroy();
$about_pop_up_reference = undef;
} )
->pack();
$pop->resizable('no','no');
$about_pop_up_reference = $pop;
}
}
sub update_indicators
{
my ($line,$column)= split(/\./,$textwindow->index('insert'));
$current_line_label->configure (-text=> "line: $line");
$current_column_label->configure (-text=> "column: $column");
my ($last_line,$last_col) = split(/\./,$textwindow->index('end'));
$total_line_label->configure (-text=> "total lines: $last_line");
my $mode = $textwindow->OverstrikeMode;
my $overstrke_insert='Insert Mode';
if ($mode)
{$overstrke_insert='Overstrike Mode';}
$insert_overstrike_mode_label->configure
(-text=> "$overstrke_insert");
my $filename = $textwindow->FileName;
$filename = 'NoName' unless(defined($filename));
my $edit_flag='';
if($textwindow->numberChanges)
{$edit_flag='edited';}
$TOP->configure(-title => "Gedi $edit_flag $filename");
$textwindow->idletasks;
}
sub Gedi {
my($demo) = @_;
$TOP = $MW->WidgetDemo(
-name => $demo,
-text => 'Gedi master advanced text editor ',
-geometry_manager => 'grid',
-title => 'GEDI Text Editor',
-iconname => 'GEDI',
);
$TOP->withdraw;
$text_frame = $TOP->Frame->pack
(-anchor=>'nw', -expand=>'yes', -fill => 'both'); # autosizing
$counter_frame = $TOP->Frame->pack(-anchor=>'nw');
$textwindow = $text_frame->Scrolled(
'TextEdit',
exportselection => 'true', # 'sel' tag is associated with selections
# initial height, if it isnt 1, then autosizing fails
# once window shrinks below height
# and the line counters go off the screen.
# seems to be a problem with the Tk::pack command;
# height => 40,
-background => 'white',
-wrap=> 'none',
-setgrid => 'true', # use this for autosizing
-scrollbars =>'se')
-> pack(-expand => 'yes' , -fill => 'both'); # autosizing
$TOP->protocol('WM_DELETE_WINDOW'=>
sub{$textwindow->ConfirmExit;}
);
$SIG{INT} = sub {$textwindow->ConfirmExit;};
$current_line_label = $counter_frame
-> Label(-text=>'line: 1')
-> grid(-row=>1,-column=>1, -sticky=>'nw' );
$total_line_label = $counter_frame
-> Label(-text=>'total lines: 1')
-> grid(-row=>2,-column=>1, -sticky=>'nw' );
$current_column_label = $counter_frame
-> Label(-text=>'column: 0')
-> grid(-row=>3,-column=>1, -sticky=>'nw' );
$insert_overstrike_mode_label = $counter_frame
-> Label(-text=>' ')
-> grid(-row=>5,-column=>1, -sticky=>'nw' );
$textwindow->SetGUICallbacks (
[
\&update_indicators,
sub{$textwindow->HighlightAllPairsBracketingCursor}
]
);
$menu = $textwindow->menu;
$TOP->configure(-menu => $menu);
$help_menu = $menu->cascade(-label=>'~Help', -tearoff => 0, -menuitems => [
[Command => 'A~bout', -command => \&about_pop_up]
]);
#$TOP->minsize(30,1);
#$TOP->geometry("80x24");
while(<DATA>)
{$textwindow->insert('insert',$_);}
$textwindow->ResetUndo;
$textwindow->CallNextGUICallback;
# adjust height
$TOP->update;
my $menuheight = ($TOP->wrapper)[1];
my $TOPheight = 30 + $TOP->reqheight + $menuheight;
if ($TOP->screenheight < $TOPheight) {
$textwindow->GeometryRequest($textwindow->reqwidth, $textwindow->reqheight - ($TOPheight - $TOP->screenheight));
}
$TOP->deiconify;
}
__DATA__
So all these errors provide a plethora of information on the web. Protect with the best administration.
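
An added example, not part of the original post: a Python check an administrator can run over response bodies collected from their own hosts to flag the leak types quoted in Error Checks 1-4. The rule names, the functions classify and audit, and the sample bodies (with the placeholder host example.test) are constructed for illustration.

```python
import re

# Signatures taken from the outputs quoted in Error Checks 1-4 of this post.
# Rule names, function names and SAMPLES are constructed for this example.
RULES = [
    ("awstats-path-disclosure", re.compile(
        r'''Couldn't open config file "[^"]+" nor "[^"]+" after searching\s+'''
        r'in path "([^"]+)"')),
    ("cgiwrap-debug-page", re.compile(
        r"CGIWrap Error:.*?Server Administrator/Contact:\s*(\S+)", re.S)),
    ("directory-index", re.compile(r"Index of (/\S+)")),
    ("open-awstats-report", re.compile(
        r"AWStats V[\d.]+\s+Statistics of\s*:\s*(\S+)")),
]


def classify(body):
    """Return sorted (rule, leaked detail) pairs found in one response body."""
    findings = set()
    for name, pattern in RULES:
        for match in pattern.finditer(body):
            findings.add((name, match.group(1)))
    return sorted(findings)


def audit(responses):
    """Map each URL to its findings, dropping URLs that leak nothing."""
    report = {url: classify(body) for url, body in responses.items()}
    return {url: hits for url, hits in report.items() if hits}


# Constructed bodies shaped like the quoted outputs; example.test is a placeholder.
SAMPLES = {
    "/cgi-bin/awstats.pl": (
        'Error: Couldn\'t open config file "awstats.example.test.conf" nor '
        '"awstats.conf" after searching\n'
        'in path "e:\\www\\site\\awstat,/etc/awstats":\nNo such file or directory'),
    "/cgi-bin/awstat.pl": (
        "CGIWrap Error: Script File Not Found!\nServer Data:\n"
        "Server Administrator/Contact: admin@example.test\nServer Port: 80"),
    "/stats/": "Index of /stats/awstat\n* Parent Directory\n* stats_www.html",
    "/awstats/awstats.pl?config=example": (
        "AWStats V5.2\nStatistics of : www.example.test\nLast Update : 15 Mar 2008"),
    "/awstats/": "401 Authorization Required",  # locked down: nothing to report
}

if __name__ == "__main__":
    for url, hits in audit(SAMPLES).items():
        print(url, hits)
```

A URL that comes back with findings is one to put behind authentication or to stop serving; the locked-down sample produces no entry.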