GEN:SID | 1:2360 |
Message | WEB-PHP myphpPagetool pt_config.inc file include |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the PHP web application MyphpPagetool.
|
Impact | Execution of arbitrary code on the affected system
|
Detailed Information | MyphpPagetool contains a flaw such that it may be possible for an attacker to include code of their choosing by manipulating the variable ptinclude when making a GET or POST request to a vulnerable system.
It may be possible for an attacker to execute that code with the privileges of the user running the webserver, usually root by supplying their code in the file pt_config.inc.
|
Affected Systems | myphpPagetool 0.4.3 -1
|
Attack Scenarios | An attacker can make a request to an affected script and define their own path for the ptinclude variable.
|
Ease of Attack | Simple. No exploit software required.
|
Corrective Action | Apply the appropriate vendor supplied patches
Upgrade to the latest non-affected version of the software
|
Additional References | |
Rule References | bugtraq: 6744
|