Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

PHP-Fusion Database Backup Disclosure Vulnerability Scan


Vulnerability Scan Summary
Checks the version of the remote PHP-Fusion

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is prone to
information disclosure.

Description :

A vulnerability exists in the remote version of PHP-Fusion that may
allow a possible hacker to obtain a dump of the remote database. PHP-Fusion
has the ability to create database backups and store them on the web
server, in the directory '/fusion_admin/db_backups/'. Since there is
no access control on that directory, a possible hacker may guess the name of
a backuped database and download it.

See also :

http://echo.or.id/adv/adv04-y3dips-2004.txt

Solution :

Use a .htaccess file or the equivalent to control access to files in
the backup directory.

Threat Level:

Medium / CVSS Base Score : 4
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:C)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.