GEN:SID | 1:2307 |
Message | WEB-PHP PayPal Storefront remote file include attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the PayPal Storefront PHP web application running on a server.
|
Impact | Possible execution of arbitrary code of the attackers choosing.
|
Detailed Information | This event is generated when an attempt is made to exploit a known vulnerability in the PayPal Storefront PHP web application running on a server. It may be possible for an attacker to include code of their choosing from a source external to the server running the application. This code will execute with the privileges of the user running the web server.
The vulnerability exists due to inadequate verification of include file locations in the application.
|
Affected Systems | PayPal Store Front 3.0, others may also be affected.
|
Attack Scenarios | An attacker might include their code by including the URI to the script in the HTTP GET parameters when calling index.php.
|
Ease of Attack | Simple. Exploits exist.
|
Corrective Action | Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied.
|
Additional References | |
Rule References | bugtraq: 8791
nessus: 11873
|