Family: CGI abuses --> Category: attack
Clever Copy connect.inc Information Disclosure Vulnerability Scan
Vulnerability Scan Summary: Reads Clever Copy's admin/connect.inc file
Detailed Explanation for this Vulnerability Test:
Synopsis :
The remote web server contains a PHP application that is affected by
an information disclosure flaw.
Description :
The remote host is running Clever Copy, a free web portal written in
PHP.
The version of Clever Copy installed on the remote host fails to limit
access to the 'admin/connect.inc' include file, which contains
information used by the application to connect to a database. An
unauthenticated attacker can view the contents of this file using a
simple GET request and use the information to launch other attacks
against the affected host.
See also :
http://advisories.echo.or.id/adv/adv28-K-159-2006.txt
Solution :
Limit access to Clever Copy's admin directory, for example with a
.htaccess file.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)