GEN:SID | 1:2405 |
Message | WEB-PHP phptest.php access |
Summary | This event is generated when an attempt is made to access the file "phptest.php". BadBlue Personal Edition 2.4 servers could disclose confidential information on the software configuration towards an attacker.
|
Impact | Information gathering. This signature is usually indicative of a reconaissance probe. Succesful exploitation would provide the originator of the attack with the installation path of the software.
|
Detailed Information | Web servers running BadBlue Personal Edition 2.4, a personal file sharing server, are vulnerable to a path disclosure attack. When a client requests the phptest.php file from such a server, the source of the HTTP reply page contains the installation path of the software. This path can be used as information for further attacks.
|
Affected Systems | BadBlue Personal Edition 2.4
|
Attack Scenarios | During the reconaissance phase, an attacker could obtain the installation path of the BadBlue server. This can become valuable information during the later execution of directory traversal or buffer overflow attacks.
|
Ease of Attack | Simple.
|
Corrective Action | Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied.
|
Additional References | |
Rule References | bugtraq: 9737
|