-
Bug
-
Resolution: Invalid
-
Major
-
None
-
3.2.5
Can I get some help with this? How can I solve this issue?
CGI Generic Path Traversal (write test)
Synopsis:
Arbitrary files may be modified on the remote host.
Impact:
The remote web server hosts CGI scripts that fail to adequately sanitize request strings and are affected by directory traversal or local file inclusion vulnerabilities. By leveraging this issue, an attacker may be able to modify arbitrary files on the web server or execute commands. See also : https://en.wikipedia.org/wiki/Directory_traversal http://cwe.mitre.org/data/definitions/22.html http://projects.webappsec.org/w/page/13246952/Path%20Traversal http://projects.webappsec.org/w/page/13246949/Null%20Byte%20Injection http://www.nessus.org/u?70f7aa09
Resolution:
Restrict access to the vulnerable application. Contact the vendor for a patch or upgrade.
Data Received:
Using the POST HTTP method, SecurityMetrics found that : + The following resources may be vulnerable to directory traversal (write access) : + The 'sk' parameter of the /phpbb/app.php/gallery/album/8/page/12 CGI : /phpbb/app.php/gallery/album/8/page/12 [sd=d&sk=t../../../../../../../.. /../../windows/system32/config/sam] -------- output -------- <div> <a id="bottom" class="anchor" accesskey="z"></a> <img src="./../../../../../cron.php?cron_type=cron.task.core.tidy_sessi ons" width="1" height="1" alt="cron" /></div> <script src="./../../../../../assets/javascript/jquery.min.js?asse [...] -------- vs -------- <div> <a id="bottom" class="anchor" accesskey="z"></a> <img src="./../../../../../cron.php?cron_type=cron.task.core.tidy_cache " width="1" height="1" alt="cron" /></div> <script src="./../../../../../assets/javascript/jquery.min.js?asse [...] ------------------------ /phpbb/app.php/gallery/album/8/page/12 [sd=d&sk=t../../../../../../../.. /../../windows/system32/config/sam] {2} -------- output -------- <div> <a id="bottom" class="anchor" accesskey="z"></a> <img src="./../../../../../cron.php?cron_type=cron.task.core.tidy_searc h" width="1" height="1" alt="cron" /></div> <script src="./../../../../../assets/javascript/jquery.min.js?asse [...] -------- vs -------- <div> <a id="bottom" class="anchor" accesskey="z"></a> <img src="./../../../../../cron.php?cron_type=cron.task.core.tidy_sessi ons" width="1" height="1" alt="cron" /></div> <script src="./../../../../../assets/javascript/jquery.min.js?asse [...] ------------------------ + The 'sk' parameter of the /phpbb/app.php/gallery/album/8/page/3 CGI : /phpbb/app.php/gallery/album/8/page/3 [sd=d&sk=t../../../../../../../../ ../../tmp] -------- output -------- <div> <a id="bottom" class="anchor" accesskey="z"></a> <img src="./../../../../../cron.php?cron_type=cron.task.core.tidy_cache " width="1" height="1" alt="cron" /></div> <script src="./../../../../../assets/javascript/jquery.min.js?asse [...] -------- vs -------- <div> <a id="bottom" class="anchor" accesskey="z"></a> <img src="./../../../../../cron.php?cron_type=cron.task.core.tidy_sessi ons" width="1" height="1" alt="cron" /></div> <script src="./../../../../../assets/javascript/jquery.min.js?asse [...] ------------------------