As of August 21, 2009, Cenzic now detects the PHP ‘mail.log’ Configuration Option ‘open_basedir’ Restriction Bypass Vulnerability (Bugtraq ID 36007). PHP is prone to an ‘open_basedir’ restriction-bypass vulnerability due to a design error. Successful exploits could allow an attacker to write files in unauthorized locations. This vulnerability matters most in shared-hosting configurations, where multiple users can create and execute arbitrary PHP script code on the same server. In such cases, the ‘safe_mode’ and ‘open_basedir’ restrictions are expected to isolate users from each other, so a bypass lets one tenant reach paths belonging to another.
Enhancements Made to Cenzic Fault Injection SmartAttacks
The following Fault Injection SmartAttacks were enhanced to improve scanning accuracy and reduce scan time. Two new parameters, ‘URLs To Inject’ and ‘Fields To Inject’, let a scan be narrowed to one specific request and/or field. This is useful for quick micro-scans of newly added fields, and for keeping these SmartAttacks from injecting into fields where the attack is irrelevant.
- HTTP Response Splitting (Version 1.4.10)
- Integer Overflow (Version 1.0.10)
- Buffer Overflow (Version 1.4.12)
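The scoping idea above, as an added illustration that is not Cenzic's code: a small fault injector that generates mutated requests only for the URLs and fields selected, so a newly added field can be micro-scanned without re-injecting every other field on the site. The payload sets for the three checks and the sample requests are constructed for the example.

```python
"""Scoped fault injection: generate mutated requests only for the request
and field under test instead of for every field of every request.
Illustrative code, not Cenzic's; payloads and sample requests are constructed."""
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional, Sequence, Set

# Constructed payload sets, one per fault-injection check listed above.
PAYLOADS: Dict[str, List[str]] = {
    # CRLF sequences that would split the response if echoed into a header
    "http_response_splitting": [
        "\r\nSet-Cookie: injected=1",
        "%0d%0aSet-Cookie:%20injected=1",
    ],
    # boundary values just past the 32- and 64-bit signed/unsigned limits
    "integer_overflow": [
        "2147483648",
        "-2147483649",
        "4294967296",
        "9223372036854775808",
    ],
    # oversized strings aimed at fixed-size buffers
    "buffer_overflow": ["A" * 1024, "A" * 65536],
}


@dataclass(frozen=True)
class Request:
    method: str
    url: str
    params: Dict[str, str]


@dataclass(frozen=True)
class Injection:
    attack: str
    url: str
    field: str
    request: Request  # the mutated request that would actually be sent


def fields_in_scope(req: Request,
                    urls_to_inject: Optional[Set[str]],
                    fields_to_inject: Optional[Set[str]]) -> List[str]:
    """Fields of `req` to inject. None for either scope means 'no restriction'."""
    if urls_to_inject is not None and req.url not in urls_to_inject:
        return []
    return [f for f in req.params
            if fields_to_inject is None or f in fields_to_inject]


def generate_injections(requests: Sequence[Request],
                        attacks: Sequence[str],
                        urls_to_inject: Optional[Set[str]] = None,
                        fields_to_inject: Optional[Set[str]] = None) -> Iterator[Injection]:
    """Yield one mutated request per (in-scope field, attack, payload);
    all other fields keep their original values."""
    for req in requests:
        for fld in fields_in_scope(req, urls_to_inject, fields_to_inject):
            for attack in attacks:
                for payload in PAYLOADS[attack]:
                    mutated = dict(req.params)
                    mutated[fld] = payload
                    yield Injection(attack, req.url, fld,
                                    Request(req.method, req.url, mutated))


def count_injections(requests, attacks, urls_to_inject=None, fields_to_inject=None) -> int:
    return sum(1 for _ in generate_injections(requests, attacks,
                                              urls_to_inject, fields_to_inject))


# Constructed sample site: three requests, seven fields in total.
# 'newsletter_optin' on /profile is the newly added field we want to micro-scan.
SAMPLE_REQUESTS: List[Request] = [
    Request("POST", "/login", {"user": "alice", "pass": "secret"}),
    Request("GET", "/search", {"q": "php", "page": "1"}),
    Request("POST", "/profile", {"display_name": "Alice", "bio": "hi",
                                 "newsletter_optin": "1"}),
]
ALL_ATTACKS = list(PAYLOADS)  # 8 payloads across the three attacks


def full_scan_count() -> int:
    return count_injections(SAMPLE_REQUESTS, ALL_ATTACKS)  # 7 fields * 8 payloads = 56


def micro_scan_count() -> int:
    return count_injections(SAMPLE_REQUESTS, ALL_ATTACKS,
                            urls_to_inject={"/profile"},
                            fields_to_inject={"newsletter_optin"})  # 1 field * 8 = 8


if __name__ == "__main__":
    print("full scan:", full_scan_count())
    print("micro-scan of /profile newsletter_optin:", micro_scan_count())
    for inj in generate_injections(SAMPLE_REQUESTS, ["http_response_splitting"],
                                   urls_to_inject={"/search"}, fields_to_inject={"q"}):
        print(inj.attack, inj.request.method, inj.url, inj.request.params)
```

Restricting by URL alone (`urls_to_inject={"/profile"}`) still injects every field of that request; combining it with `fields_to_inject` is what turns a full scan into the single-field micro-scan, and a field name given without a URL is injected wherever that name appears.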
Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect “holes” in Web applications. These Web application vulnerabilities include (but are not limited to) cross-site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other attack types.
by Erin Swanson, Eswanson@cenzic.com