Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

Guestbook Script include_files Parameter Remote File Include Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Tries to read /etc/passwd using Guestbook Script

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is affected by
remote file include issues.

Description :

The remote host is running Guestbook Script, a free guestbook written
in PHP.

The version of Guestbook Script installed on the remote host fails to
sanitize input to the 'include_files' array parameter before using it
in a PHP 'include()' function in various scripts. Provided PHP's
'register_globals' setting is enabled, an unauthenticated attacker may
be able to exploit this issue to view arbitrary files on the remote
host or to execute arbitrary PHP code, possibly taken from third-party

Note that the application must be running under PHP 5 for a possible hacker
to take code from third-party hosts.

See also :

Solution :

Upgrade to Guestbook Script 1.9 or later.

Threat Level:

Medium / CVSS Base Score : 4.7

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.