|
Family: CGI abuses --> Category: infos
Post-Nuke information disclosure Vulnerability Scan
Vulnerability Scan Summary Determine if a remote host is vulnerable to the opendir.php vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is running post-nuke. It is possible to use it
to acertain the full path to its installation on the server
or the name of the database used, by doing a request like :
/modules.php?op=modload&name=Members_List&file=index&letter=All&sortby=foobar
A possible hacker may use these flaws to gain a more intimate knowledge
of the remote host.
Solution : Change the members list rights to admins only, or disable
the members list module completely
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|