Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses : XSS --> Category: infos

PHPay Information Disclosure Vulnerability Scan

Vulnerability Scan Summary
Searches for the existence of phpinfo.php

Detailed Explanation for this Vulnerability Test

The remote host is running PHPay, an online shop management system.

This package contains multiple information leakages which may allow
a possible hacker to obtain the physical path of the installation on the remote
host or even the exact version of the components used by the remote host,
by using the file admin/phpinfo.nasl which comes with it.

This files make a call to phpinfo() which display a lot of information
about the remote host and how PHP is configured.

A possible hacker may use this flaw to gain a more intimate knowledge
about the remote host and better prepare its attacks.

In addition to this, this version is vulnerable to a cross-site-scripting
issue which may let a possible hacker steal the cookies of your legitimate users.

Solution : Upgrade to PHPay 2.2.1 or newer
Threat Level: Low

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.