| GEN:SID | 1:2153 |
| Message | WEB-PHP autohtml.php directory traversal attempt |
| Summary | This event is generated when a remote user attempts to access autohtml.php on a web server. This may indicate an attempt to exploit a directory traversal vulnerability in PHP-Proxima, a web site portal application.
|
| Impact | Information gathering.
|
| Detailed Information | This event may indicate an attempt to exploit a vulnerability in the autohtml.php script within PHP-Proxima. An attacker can use directory traversal techniques when accessing autohtml.php to view hidden files and directories on the web server with the access privileges of the server.
|
| Affected Systems | Any server running PHP-Proxima.
|
| Attack Scenarios | An attacker can use directory traversal techniques when executing autohtml.php to view directories and files on the web server.
|
| Ease of Attack | Simple. A proof of concept exists.
|
| Corrective Action | Comment out or remove the "include("autohtml/$name");" line from the autohtml.php script.
|
| Additional References | Bugtraq http://www.securityfocus.com/bid/7598
Nessus http://cgi.nessus.org/plugins/dump.php3?id=11630
|
| Rule References | nessus: 11630
|