GEN:SID | 1:2305 |
Message | WEB-PHP chatbox.php access |
Summary | This event is generated when an attempt is made to access the script chatbox.php on a web server running a PHP application.
|
Impact | Denial of Service (DoS).
|
Detailed Information | This event is generated when an attempt is made to access the script chatbox.php on a web server. The application does not perform stringent checks when validating data supplied by the user in the Name field of the script. HTML or script code supplied via that field may cause a Denial of Service condition to occur.
|
Affected Systems | All systems running E107 versions 0.545 and 0.603. Other versions may also be affected.
|
Attack Scenarios | An attacker could supply offending HTML code in the Name field and cause the DoS.
|
Ease of Attack | Simple.
A proof of concept exists. In the Name field, enter:
<script type=javascript>alert('foo')</script>
|
Corrective Action | Ensure the system is using an up-to-date version of the software and has had all vendor-supplied patches applied.
|
Additional References | |
Rule References | bugtraq: 8930
|
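Because the event fires on any access to chatbox.php, an analyst usually has to separate routine use from requests that carry markup in the Name field. The triage helper below is an added example, not part of the rule or of E107. It assumes the form parameter is called `name` (the page only says "Name field"), and the function name, sample path and sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

SCRIPT = "/chatbox.php"
NAME_FIELD = "name"  # assumption: the page only says "Name field"
MARKUP = re.compile(r"<\s*/?\s*[A-Za-z!]")  # start of an HTML tag or comment


def triage(request: bytes) -> str:
    """Classify one raw HTTP request: 'ignore', 'access' or 'markup-in-name'."""
    head, _, body = request.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ")
    if len(parts) < 2:
        return "ignore"
    method, url = parts[0].upper(), urlsplit(parts[1])
    # Case-insensitive match on the percent-decoded path.
    if SCRIPT not in unquote(url.path).lower():
        return "ignore"
    # parse_qs percent-decodes, so encoded tags are seen in clear form.
    fields = parse_qs(url.query, keep_blank_values=True)
    if method == "POST":
        form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        for key, values in form.items():
            fields.setdefault(key, []).extend(values)
    for key, values in fields.items():
        if key.lower() == NAME_FIELD and any(MARKUP.search(v) for v in values):
            return "markup-in-name"
    return "access"


# Constructed sample requests (not captured traffic).
PLAIN = (b"POST /e107/chatbox.php HTTP/1.1\r\nHost: www.example.test\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
         b"name=alice&message=hello")
TAGGED = (b"POST /e107/chatbox.php HTTP/1.1\r\nHost: www.example.test\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
          b"name=%3Cb%3Ebob%3C%2Fb%3E&message=hello")
OTHER = b"GET /index.php?name=%3Cb%3E HTTP/1.1\r\nHost: www.example.test\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("plain", PLAIN), ("tagged", TAGGED), ("other", OTHER)):
        print(label, "->", triage(req))
```

Requests classified as `markup-in-name` are the ones worth reviewing against the patch level of the target server; `access` results alone indicate only that the script was requested.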