The product stores raw content or supporting code under the web document root with an extension that is not specifically handled by the server.
If code is stored in a file with an extension such as ".inc" or ".pl", and the web server does not have a handler for that extension, then the server will likely send the contents of the file directly to the requester without the pre-processing that was expected. When that file contains sensitive information such as database credentials, this may allow the attacker to compromise the application or associated components.
Threat Mapped score: 3.0
Industry: Finiancial
Threat priority: P2 - Serious (High)
CVE: CVE-2002-1886
".inc" file stored under web document root and returned unparsed by the server
CVE: CVE-2002-2065
".inc" file stored under web document root and returned unparsed by the server
CVE: CVE-2005-2029
".inc" file stored under web document root and returned unparsed by the server
CVE: CVE-2001-0330
direct request to .pl file leaves it unparsed
CVE: CVE-2002-0614
.inc file
CVE: CVE-2004-2353
unparsed config.conf file
CVE: CVE-2007-3365
Chain: uppercase file extensions causes web server to return script source code instead of executing the script.
N/A
N/A
| Phase | Note |
|---|---|
| Implementation | N/A |
| Operation | N/A |
Intro: The following code uses an include file to store database credentials:
Body: database.inc
<?php $dbName = 'usersDB'; $dbPassword = 'skjdh#67nkjd3$3$'; ?>