CGI Generic Unseen Parameters Discovery

Medium Nessus Plugin ID 44134

Synopsis

A CGI application hosted on the remote web server is potentially prone to information disclosure or privilege escalation.

Description

By sending requests with additional parameters such as 'admin', 'debug', or 'test' to CGI scripts hosted on the remote web server, Nessus was able to generate at least one significantly different response even though the parameters themselves do not actually appear in responses.

This behavior suggests that such a parameter, while unseen, are used by the affected application(s) and may enable an attacker to bypass authentication, read confidential data (like the source of the scripts), modify the behavior of the application(s) or conduct similar attacks to gain privileges.

Note that this script is experimental and may be prone to false positives.

Solution

Inspect the reported CGIs and, if necessary, modify them so that security is not based on obscurity.

See Also

http://projects.webappsec.org/w/page/13246953/Predictable%20Resource%20Location

Plugin Details

Severity: Medium

ID: 44134

File Name: torture_cgi_unseen_parameters.nasl

Version: 1.32

Type: remote

Family: CGI abuses

Published: 2010/01/25

Updated: 2018/11/15

Dependencies: 10107, 39471, 67257, 56242

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests

Reference Information

CWE: 715, 723, 813