GEN:SID | 1:2136 |
Message | WEB-MISC philboard_admin.asp authentication bypass attempt |
Summary | This event is generated when an attempt is made to exploit a weakness in the Philboard ASP application.
|
Impact | Possible administrator access.
|
Detailed Information | This event indicates that an attempt has been made to exploit a weakness in the Philboard ASP application. Setting a cookie value to "True" grants administration rights to the user making the request. That user then gains control of the application and has access to all administration functions.
This rule generates an event if the attacker requests the administration page with the value of the "philboard_Admin" cookie set to true, from a source external to the protected network.
|
Affected Systems | Any host using Philboard.
|
Attack Scenarios | An attacker can gain administrator access to the application by making a simple web request.
|
Ease of Attack | Simple. No exploit software required.
|
Corrective Action | Upgrade to the latest non-affected version of the software.
Deny access to this page from sources external to the protected network.
|
Additional References | |
Rule References | bugtraq: 7739
nessus: 11675
|
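The matching logic described under Detailed Information, written out as an added Python example for checking captured requests or proxy logs; it is not the rule's own text and not code from Philboard. The HOME_NET range, the host name, the sample requests and the case-insensitive comparison are assumptions made for the example.

```python
import ipaddress
from urllib.parse import unquote, urlsplit

# Assumption: the protected network; replace with your own address space.
HOME_NET = [ipaddress.ip_network("192.168.0.0/16")]
ADMIN_PAGE = "philboard_admin.asp"
ADMIN_COOKIE = "philboard_admin"

def is_external(src_ip):
    addr = ipaddress.ip_address(src_ip)
    return not any(addr in net for net in HOME_NET)

def parse_request(raw):
    """Return (decoded lower-cased path, {cookie name: value}) for one raw request."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    parts = lines[0].split()
    target = parts[1] if len(parts) >= 2 else ""
    path = unquote(urlsplit(target).path).lower()
    cookies = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "cookie":
            continue
        for pair in value.split(";"):
            key, _, val = pair.partition("=")
            cookies[key.strip().lower()] = val.strip().strip('"').lower()
    return path, cookies

def matches_rule(src_ip, raw):
    # All three conditions from the description must hold:
    # external source, admin page requested, admin cookie set to true.
    path, cookies = parse_request(raw)
    return (is_external(src_ip)
            and ADMIN_PAGE in path
            and cookies.get(ADMIN_COOKIE) == "true")

def _req(path, cookie):
    return f"GET {path} HTTP/1.1\r\nHost: forum.example\r\nCookie: {cookie}\r\n\r\n"

# Constructed sample traffic: (source address, raw request).
SAMPLES = [
    ("203.0.113.7", _req("/forum/philboard_admin.asp", "lang=en; philboard_admin=True")),
    ("203.0.113.7", _req("/forum/philboard_admin.asp", "lang=en")),
    ("192.168.1.20", _req("/forum/philboard_admin.asp", "philboard_admin=True")),
    ("198.51.100.9", _req("/forum/Philboard_Admin.ASP", "PHILBOARD_ADMIN=true")),
]

def alerts(samples=SAMPLES):
    return [i for i, (src, raw) in enumerate(samples) if matches_rule(src, raw)]

if __name__ == "__main__":
    print("samples that would raise the event:", alerts())
```

The third sample is skipped only because its source is inside HOME_NET; an internal client sending the same cookie is still worth reviewing if the page is not meant to be reachable that way.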