File: 2356.txt

package info (click to toggle)
snort 2.7.0-20.4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 34,512 kB
  • ctags: 18,772
  • sloc: ansic: 115,404; sh: 10,893; makefile: 1,372; perl: 487; sql: 213
file content (61 lines) | stat: -rw-r--r-- 1,167 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
Rule:  

--
Sid:
2356

--
Summary:
This event is generated when an attempt is made to exploit a known
vulnerability in the PHP web application WebChat.

--
Impact:
Execution of arbitrary code on the affected system

--
Detailed Information:
WebChat contains a flaw such that it may be possible for an attacker
to include code of their choosing by manipulating the variable
WEBCHATPATH when making a GET or POST  request  to a vulnerable system.

It may be possible for an attacker to execute that code with the
privileges of the user running the webserver, usually root by supplying
their code in the file db_mysql.php.

--
Affected Systems:
	Webdev Webchat 0.77

--
Attack Scenarios:
An attacker can make a request to an affected script and define their
own path for the WEBCHATPATH variable.

--
Ease of Attack:
Simple. No exploit software required.

--
False Positives:
None known

--
False Negatives:
None known

--
Corrective Action:
Apply the appropriate vendor supplied patches

Upgrade to the latest non-affected version of the software

--
Contributors:
Sourcefire Research Team
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

--