QID 150004 : Path-Based Vulnerability

Question asked by Ze Mysterious on Oct 24, 2016
Latest reply on Oct 24, 2016 by Will Bechtel

Hello,

Following our scans, we noticed several Path-Based vulnerabilities.

Some examples:

Payload
@PATH@include/
Request
GET http://www.xxx.com/index.php/search/include/

#1 Response
HTTP/1.1 200 OK

Payload
@PATH@install/
Request
GET http://www.xxx.com/index.php/search/install/

#1 Request
Payload
@PATH@config/
Request
GET http://www.linkbynet.com/index.php/search/config/

#1 Response
HTTP/1.1 200 OK

What exactly is Qualys searching for, and how can we verify whether these are false positives or real alerts?

Thanking you in advance.

Regards,

Azhar
