paFileDB auth.php pafiledbcookie Cookie SQL Injection

Medium, Nessus Plugin ID 19505

Synopsis

The remote web server contains a PHP script that is susceptible to SQL injection attacks.

Description

The remote version of paFileDB is affected by a SQL injection flaw: by sending a specially crafted cookie, an attacker can gain access to the application's administrative control panel.

Note that successful exploitation requires that paFileDB be configured with '$authmethod' set to 'cookies' and that PHP's 'magic_quotes_gpc' setting be disabled.

Solution

Edit '$authmethod' in 'pafiledb.php' to disable cookie-based authentication.

See Also

http://www.security-project.org/projects/board/showthread.php?t=947

Plugin Details

Severity: Medium

ID: 19505

File Name: pafiledb_pafiledbcookie_sql_injection.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 8/25/2005

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/pafiledb

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 8/24/2005

Reference Information

CVE: CVE-2005-2723

BID: 14654