|
Family: CGI abuses --> Category: attack
Webfroot shoutbox file inclusion Vulnerability Scan
Vulnerability Scan Summary Searches for the existence of shoutbox.php
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
directory traversal and code injection vulnerabilities.
Description :
The remote host is running Webfroot Shoutbox, a PHP application that
allows website visitors to leave one another messages.
The version of Webfroot Shoutbox installed on the remote host allows
a possible hacker to read arbitrary files and possibly to inject arbitrary
PHP code into the remote host and gain a shell with the rights of
the web server.
See also :
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0090.html
http://downloads.securityfocus.com/vulnerabilities/exploits/expanded.pl
http://cvs.sourceforge.net/viewcvs.py/shoutbox/shoutbox/docs/readme.txt?rev=1.2&view=markup
Solution :
Upgrade to the Shoutbox 2.35 or later.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|