Information Disclosure: AWStats Exposure

Identifier: awstats_exposure

Scanner(s) Support

GraphQL Scanner, REST Scanner, WebApp Scanner, ASM Scanner

Description

When AWStats configuration files are mistakenly made public, attackers can read sensitive setup details, logs, or even credentials stored in them.

How we test: We scan for exposed AWStats configuration files and analyze responses to detect if sensitive setup details, logs, or credentials are accessible. We check if configuration files are accessible via web servers and verify if file access rights and server configurations are properly secured.
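A local counterpart to this check, as an added example that is not the scanner's own code: it walks a served directory on your own host, flags AWStats configuration files stored there, and reports which setup details and web-access settings each one carries. The document root, the sample file, and the choice of directives treated as revealing are assumptions; the directive names themselves are AWStats configuration options.

```python
import re
import tempfile
from pathlib import Path

# AWStats per-site config files are named awstats.<site>.conf (or awstats.conf).
CONF_NAME = re.compile(r"^awstats(\.[\w.-]+)?\.conf$", re.IGNORECASE)
# Directive=value lines; comment lines start with '#' and never match.
DIRECTIVE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"#]*)"?')
# Assumption: directives treated here as revealing setup details.
REVEALING = ("LogFile", "DirData", "SiteDomain", "HostAliases")

# Constructed sample config, not taken from a real site.
SAMPLE = '''# constructed sample
LogFile="/var/log/apache2/access.log"
SiteDomain="example.test"
DirData="/var/lib/awstats"
AllowToUpdateStatsFromBrowser=1
AllowAccessFromWebToAuthenticatedUsersOnly=0
'''

def parse_conf(text):
    """Return {directive: value} for every directive line in a config."""
    matches = (DIRECTIVE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in matches if m}

def audit_docroot(docroot):
    """List AWStats config files stored under a served directory."""
    findings = []
    for path in sorted(Path(docroot).rglob("*")):
        if not (path.is_file() and CONF_NAME.match(path.name)):
            continue
        conf = parse_conf(path.read_text(errors="replace"))
        findings.append({
            "file": str(path.relative_to(docroot)),
            "world_readable": bool(path.stat().st_mode & 0o004),
            "reveals": sorted(k for k in REVEALING if conf.get(k)),
            "update_from_browser": conf.get("AllowToUpdateStatsFromBrowser") == "1",
            "auth_required": conf.get("AllowAccessFromWebToAuthenticatedUsersOnly") == "1",
        })
    return findings

def demo():
    """Build a throwaway docroot holding SAMPLE and audit it."""
    with tempfile.TemporaryDirectory() as root:
        conf = Path(root, "stats", "awstats.example.test.conf")
        conf.parent.mkdir()
        conf.write_text(SAMPLE)
        conf.chmod(0o644)
        return audit_docroot(root)
```

Any finding means a configuration file sits inside the served tree; move it outside the document root (for example to a directory the web server does not map) and deny direct requests for `.conf` files in the server configuration.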

Configuration

Example

Example configuration:

---
security_tests:
  awstats_exposure:
    skip: false

Reference

skip

Type: boolean

Skip the test if true.