Family: CGI abuses : XSS --> Category: infos
PHPay Information Disclosure Vulnerability Scan
Vulnerability Scan Summary
Searches for the existence of phpinfo.php
Detailed Explanation for this Vulnerability Test
The remote host is running PHPay, an online shop management system.
This package contains multiple information leakages which may allow
a possible hacker to obtain the physical path of the installation on the remote
host or even the exact version of the components used by the remote host,
by using the file admin/phpinfo.nasl which comes with it.
This files make a call to phpinfo() which display a lot of information
about the remote host and how PHP is configured.
A possible hacker may use this flaw to gain a more intimate knowledge
about the remote host and better prepare its attacks.
In addition to this, this version is vulnerable to a cross-site-scripting
issue which may let a possible hacker steal the cookies of your legitimate users.
Solution : Upgrade to PHPay 2.2.1 or newer
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.