Family: CGI abuses --> Category: attack
VHCS check_login Authentication Bypass Vulnerability Vulnerability Scan
Vulnerability Scan Summary :
Tries to access a restricted script using VHCS
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is prone to an
authentication bypass vulnerability.
Description :
The remote host is running VHCS, a control panel for hosting
providers.
The GUI portion of the version of VHCS installed on the remote host
does not halt script execution if 'check_login()' fails. An attacker
can leverage this flaw to bypass authentication and access VHCS
application scripts that would otherwise be restricted.
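The flaw class described above, shown as an added illustration beside its corrected form. This is not VHCS source code: only the name check_login() comes from this page, and the session key, redirect target and restricted_script() helper are hypothetical.

```php
<?php
// Added illustration; not VHCS source code. Only the name check_login()
// comes from the page. Every other name and value here is hypothetical.
ob_start();                       // lets header() be called after echo in this demo

$session = [];                    // constructed: an unauthenticated visitor

// Flawed pattern: a failed check sends a redirect, then returns to the caller.
function check_login_flawed(array $session): void
{
    if (empty($session['user_logged'])) {
        header('Location: /index.php');
        // No exit here, so the calling script keeps running.
    }
}

// Corrected pattern: a failed check ends the request.
function check_login_fixed(array $session): void
{
    if (empty($session['user_logged'])) {
        header('Location: /index.php', true, 302);
        exit;                     // nothing after the guard can execute
    }
}

// Stand-in for a restricted script that calls the guard first (hypothetical).
function restricted_script(callable $guard, array $session): void
{
    $guard($session);
    echo "restricted action executed\n";
}

// Flawed guard returns, so the restricted body still runs.
restricted_script('check_login_flawed', $session);

// Fixed guard exits, so the restricted body is never reached.
restricted_script('check_login_fixed', $session);
```

A redirect header is only an instruction to the client; the server-side script must terminate itself after a failed check.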
See also :
http://www.rs-labs.com/adv/RS-Labs-Advisory-2006-1.txt
http://archives.neohapsis.com/archives/bugtraq/2006-02/0166.html
http://www.rs-labs.com/exploitsntools/rs_vhcs_simple_poc.html
http://vhcs.net/new/modules/news/article.php?storyid=25
Solution :
Apply Security Patch 2006-02-09 referenced in the project advisory
above.
Threat Level:
Critical / CVSS Base Score : 10.0
(AV:R/AC:L/Au:NR/C:C/I:C/A:C/B:N)