| Details | |
|---|---|
| Alert ID | 20017 |
| Alert Type | Active |
| Status | release |
| Risk | High |
| CWE | 20 |
| WASC | 20 |
| Technologies Targeted |
Language / PHP |
| Tags |
CVE-2012-1823 CWE-20 OWASP_2017_A09 OWASP_2021_A06 |
| More Info |
Scan Rule Help |
Summary
Some PHP versions, when configured to run using CGI, do not correctly handle query strings that lack an unescaped “=” character, enabling PHP source code disclosure, and arbitrary code execution. In this case, the contents of the PHP file were served directly to the web browser. This output will typically contain PHP, although it may also contain straight HTML.
Solution
Upgrade to the latest stable version of PHP, or use the Apache web server and the mod_rewrite module to filter out malicious requests using the "RewriteCond" and "RewriteRule" directives.Other Info
<?php $x=0; echo '<h1>Welcome!</h1>'; ?>References
- https://owasp.org/www-community/vulnerabilities/Improper_Data_Validation
- https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
- https://cwe.mitre.org/data/definitions/89.html