Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2001 Matt MooreOPENVAS:136141256231010670
HistoryNov 03, 2005 - 12:00 a.m.

PHP3 Physical Path Disclosure Vulnerability

2005-11-0300:00:00
Copyright (C) 2001 Matt Moore
plugins.openvas.org
62

AI Score

7.1

Confidence

Low

JSON

PHP3 will reveal the physical path of the webroot when asked for
a non-existent PHP3 file if it is incorrectly configured.

# SPDX-FileCopyrightText: 2001 Matt Moore
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.10670");
  script_version("2023-12-13T05:05:23+0000");
  script_tag(name:"last_modification", value:"2023-12-13 05:05:23 +0000 (Wed, 13 Dec 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_name("PHP3 Physical Path Disclosure Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2001 Matt Moore");
  script_family("Web application abuses");
  script_dependencies("find_service.nasl", "httpver.nasl", "webmirror.nasl", "DDI_Directory_Scanner.nasl", "gb_php_http_detect.nasl", "global_settings.nasl");
  script_require_ports("Services/www", 80);
  script_exclude_keys("Settings/disable_cgi_scanning");

  script_xref(name:"URL", value:"http://online.securityfocus.com/archive/1/65078");
  script_xref(name:"URL", value:"http://online.securityfocus.com/archive/101/184240");

  script_tag(name:"solution", value:"In the PHP configuration file change display_errors to 'Off':

  display_errors = Off");

  script_tag(name:"summary", value:"PHP3 will reveal the physical path of the webroot when asked for
  a non-existent PHP3 file if it is incorrectly configured.");

  script_tag(name:"insight", value:"Although printing errors to the output is useful for debugging
  applications, this feature should not be enabled on production servers.");

  script_tag(name:"solution_type", value:"Mitigation");
  script_tag(name:"qod_type", value:"remote_analysis");

  exit(0);
}

include("http_func.inc");
include("port_service_func.inc");

port = http_get_port(default:80);
if(!http_can_host_php(port:port))
  exit(0);

url = "/nosuchfile-10303-10310.php3";
req = http_get(item:url, port:port);
res = http_send_recv(port:port, data:req);
if(!res)
  exit(0);

if("Unable to open" >< res) {
  report = http_report_vuln_url(port:port, url:url);
  security_message(port:port, data:report);
  exit(0);
}

exit(99);

AI Score

7.1

Confidence

Low

JSON