Signature Detail
Short Name |
HTTP:PHP:SPHPBLOG-PW-DOWNLOAD |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
Simple PHP Blog Password File Download |
Release Date |
2006/06/01 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Simple PHP Blog Password File Download
This signature detects attempts to exploit a known vulnerability against Simple PHP Blog. A successful attack can lead to arbitrary code execution. By downloading the password file, an attacker can modify and upload it back to the server. This provides the attacker complete control over the system with serving process privileges, sometimes root.
Extended Description
Simple PHP Blog is prone to a remote arbitrary file-upload vulnerability. This issue may allow remote attackers to upload arbitrary files, including malicious scripts, and possibly to execute a script on the affected server. Simple PHP Blog 0.4.0 is affected by this issue. Other versions may be vulnerable as well.
Affected Products
- Alexander Palmo Simple PHP Blog 0.4.0
References
- BugTraq: 14667
- CVE: CVE-2005-2733
- URL: http://www.milw0rm.com/exploits/1191