Synopsis
The remote web server contains a PHP application that is susceptible to remote file include attacks.
Description
The remote host is running PHPAuction, a PHP script for building auction websites.
The version of PHPAuction installed on the remote host fails to sanitize input to the 'include_path' parameter of several scripts before using it to include PHP code. An unauthenticated, remote attacker can exploit this issue to view arbitrary files on the remote host or to execute arbitrary PHP code, possibly taken from third-party hosts.
Note that while successful exploitation requires PHP's 'register_globals' setting to be enabled, the application will not work if that setting is disabled.
Solution
Unknown at this time.
Plugin Details
File Name: phpauction_include_path_file_includes.nasl
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:phpauction:phpauction
Required KB Items: www/PHP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Exploitable With
CANVAS (CANVAS)