HTTP: CoolPHP "op" Parameter Directory Traversal
This signature detects directory traversal attempts against CoolPHP. Attackers can use this exploit to execute arbitrary scripts on the PHP server.
Extended Description
Reportedly CoolPHP is affected by multiple remote input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input prior to using it to make critical actions. An attacker can leverage these issues to steal cookie-based authentication credentials as well as carry out other malicious activities through cross-site scripting attacks. An attacker can also leverage this issue to execute arbitrary server-side scripts using file include attacks.
Affected Products
Coolphp web_portal
References
BugTraq: 11437
CVE: CVE-2004-1600
URL: http://cphp.sourceforge.net/ http://www.securityfocus.com/archive/1/378617
Short Name
HTTP:PHP:COOLPHP-DIRTRAV
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
"op" CVE-2004-1600 CoolPHP Directory Parameter Traversal bid:11437
Release Date
11/03/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Coolphp
CVSS Score
5.0