Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2153 |
Message | WEB-PHP autohtml.php directory traversal attempt |
Summary | This event is generated when a remote user attempts to access autohtml.php on a web server. This may indicate an attempt to exploit a directory traversal vulnerability in PHP-Proxima, a web site portal application. |
Impact | Information gathering. |
Detailed Information | This event may indicate an attempt to exploit a vulnerability in the autohtml.php script within PHP-Proxima. An attacker can use directory traversal techniques when accessing autohtml.php to view hidden files and directories on the web server with the access privileges of the server. |
Affected Systems | Any server running PHP-Proxima. |
Attack Scenarios | An attacker can use directory traversal techniques when executing autohtml.php to view directories and files on the web server. |
Ease of Attack | Simple. A proof of concept exists. |
Corrective Action | Comment out or remove the "include("autohtml/$name");" line from the autohtml.php script. |
Additional References | Bugtraq http://www.securityfocus.com/bid/7598 Nessus http://cgi.nessus.org/plugins/dump.php3?id=11630 |
Rule References | nessus: 11630 |
--
DID:833602
--
http://www.aanval.com/