Rule: -- Sid: 2136 -- Summary: This event is generated when an attempt is made to exploit a weakness in the Philboard ASP application. -- Impact: Possible administrator access. -- Detailed Information: This event indicates that an attempt has been made to exploit a weakness in the Philboard ASP application. By setting a cookie value to "True" administration rights are granted to that user. The user would then gain control of the application and have access to all administration functions. This rule generates an event if the attacker makes a request for the administration page with the cookie "philboard_Admin" value set to true from a source external to the protected network. -- Affected Systems: Any host using Philboard. -- Attack Scenarios: An attacker can gain administrator access to the application by making a simple web request. -- Ease of Attack: Simple. No exploit software required. -- False Positives: This event may be generated by an administrator accessing the administration page from an external source. The event will also be generated if Nessus is used to scan the host for this vulnerability. -- False Negatives: None Known. -- Corrective Action: Upgrade to the latest non-affected version of the software. Deny access to this page from sources external to the protected network. -- Contributors: Sourcefire Research Team Brian Caswell <bmc@sourcefire.com> Nigel Houghton <nigel.houghton@sourcefire.com> -- Additional References: --
