|
Family: CGI abuses --> Category: attack
CodeGrrl Applications Remote File Inclusion Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for remote file inclusion vulnerabilities in CodeGrrl applications
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by a
remote file inclusion vulnerability.
Description :
The remote host appears to be running at least one of the PHP
applications from CodeGrrl - PHPCalendar, PHPClique, PHPFanBase, or
PHPQuotes. Under certain conditions, these applications fail to
sanitize input to the 'siteurl' parameter of the 'protection.php'
script before using it in a PHP 'include' function. Provided PHP's
'register_globals' setting is enabled, an unauthenticated attacker can
exploit this issue to view arbitrary files on the remote host and to
execute arbitrary PHP code, possibly taken from third-party hosts.
See also :
http://www.securityfocus.com/archive/1/416525/30/30/threaded
Solution :
Enable PHP's 'register_globals' setting.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|