Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2140 |
Message | WEB-PHP p-news.php access |
Summary | This event is generated when an attempt is made to access the p-news bulletin board. |
Impact | Possible escalation of privilege. |
Detailed Information | This event indicates that an attempt has been made to access the p-news bulletin board. The p-news application has a flaw that allows normal users to escalate their privilege level to that of the administrator by using a malformed username. The attacker may be trying to gain administrator access. |
Affected Systems | Any host using PHP. |
Attack Scenarios | An attacker can take control of the application by supplying a specially crafted malformed username. |
Ease of Attack | Simple. |
Corrective Action | Check the PHP implementation on the host. Ensure all measures have been taken to deny access to sensitive files. Apply the appropriate vendor patches. Upgrade to the latest non-affected version of the software. Check the host for signs of compromise. |
Additional References | |
Rule References | nessus: 11669 |
--
DID:546279