Family: CGI abuses --> Category: attack
phpauction Admin Authentication Bypass Vulnerability Scan
Vulnerability Scan Summary: Attempts to bypass phpauction administrative authentication.
Detailed Explanation for this Vulnerability Test
The remote host is running phpauction version 2.0 or earlier (or a modified
version).
There is a flaw in the handling of cookie-based authentication credentials which
may allow an attacker to gain unauthorized administrative access to the
auction system.
See also : http://pentest.tele-consulting.com/advisories/04_12_21_phpauction.txt
Solution : Upgrade to a version of this software later than 2.0 and/or restrict
access rights to the administrative directory using .htaccess.
Threat Level: High