File tampering (AS)

Published on 2008-10-24. Updated on 2009-04-28.

Description:
This script is possibly vulnerable to file tampering.

The scanner detected that user input gets written to a file on the server. This alert requires user confirmation; it may be a false positive, depending on which file gets written and how (or if) user input is sanitized before being written to it. Make sure that user input is not written to a file that gets interpreted by the web server (for example a PHP file), and check whether this file is located inside the application directory.

Impact:
This vulnerability allows attackers to tamper with the content of particular files from the web server.

Recommendation:
Please make sure that user input is properly sanitized before being written to the file.
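
The checks named above, as an added example that is not part of the original alert text: the target file must stay in a storage directory outside the application directory, must not carry an extension the web server interprets, and the input is sanitized before it is appended. The function names, the extension list and the size limit are assumptions made for this sketch.

```python
import os

# Assumed policy for this sketch: names a web server might execute or honour.
INTERPRETED_EXTS = {".php", ".phtml", ".phar", ".asp", ".aspx", ".jsp",
                    ".cgi", ".pl", ".py", ".htaccess"}
MAX_LEN = 4096  # assumed size limit for one record


def safe_target(data_dir, app_dir, name):
    """Return the resolved path for `name` inside data_dir, or raise ValueError."""
    data_root = os.path.realpath(data_dir)
    app_root = os.path.realpath(app_dir)
    # The storage directory must not sit inside the application directory.
    if os.path.commonpath([data_root, app_root]) == app_root:
        raise ValueError("data directory is inside the application directory")
    # realpath collapses ../ and symlinks; the result must stay under data_root.
    target = os.path.realpath(os.path.join(data_root, name))
    if os.path.commonpath([target, data_root]) != data_root:
        raise ValueError("path escapes the data directory")
    # Check every dot-separated suffix so "note.php.txt" is rejected too.
    suffixes = os.path.basename(target).lower().split(".")[1:]
    if any("." + s in INTERPRETED_EXTS for s in suffixes):
        raise ValueError("interpreted file extension")
    return target


def sanitize(text):
    """Drop control characters (CR, LF, NUL, ...) and neutralise '<'."""
    if len(text) > MAX_LEN:
        raise ValueError("input too long")
    cleaned = "".join(c for c in text if c.isprintable())
    # Without a literal '<' no script or PHP opening tag survives in the file.
    return cleaned.replace("<", "&lt;")


def append_record(data_dir, app_dir, name, user_input):
    """Validate the target, sanitize the input, append it as one line."""
    target = safe_target(data_dir, app_dir, name)
    with open(target, "a", encoding="utf-8") as fh:
        fh.write(sanitize(user_input) + "\n")
    return target
```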

Tags: Parameter manipulation

Alert Tags: abuse_of_functionality
ApplicableApplicationServer: All
ApplicableOS: All
ApplicableWebServer: All
