Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2153 |
| Message | WEB-PHP autohtml.php directory traversal attempt |
| Summary | This event is generated when a remote user attempts to access autohtml.php on a web server. This may indicate an attempt to exploit a directory traversal vulnerability in PHP-Proxima, a web site portal application. |
| Impact | Information gathering. |
| Detailed Information | This event may indicate an attempt to exploit a vulnerability in the autohtml.php script within PHP-Proxima. An attacker can use directory traversal techniques when accessing autohtml.php to view hidden files and directories on the web server with the access privileges of the server. |
| Affected Systems | Any server running PHP-Proxima. |
| Attack Scenarios | An attacker can use directory traversal techniques when executing autohtml.php to view directories and files on the web server. |
| Ease of Attack | Simple. A proof of concept exists. |
| Corrective Action | Comment out or remove the "include("autohtml/$name");" line from the autohtml.php script. |
| Additional References | Bugtraq http://www.securityfocus.com/bid/7598 Nessus http://cgi.nessus.org/plugins/dump.php3?id=11630 |
| Rule References | nessus: 11630 |
--
DID:833602
--
http://www.aanval.com/