Remote administrative access

OWASP 2013-A7 · OWASP 2017-A5 · WASC-13

The administration page is used to fully control the web application: it holds complete privileges over the application and can change any content on the server. If access to it is not properly restricted, the server is exposed to compromise. This weakness is also associated with directory traversal (path traversal), an HTTP attack that lets an attacker reach restricted directories and execute commands outside the web server's root directory.

Impact

The impacts of this vulnerability include:

  • An attacker gains complete access to the application.
  • Possible manipulation of data.
  • Possible leakage of sensitive information.
  • Reading, updating and deleting arbitrary data or tables in the database.
  • Executing commands on the underlying operating system.

Mitigation / Precaution

This vulnerability can be fixed by:

  • Ensuring you have installed the latest version of your web server.
  • Effectively filtering all user input, so that paths supplied by a user cannot escape the intended directory.
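The following is an added example, not code from the original page: a framework-independent stand-in for an administration endpoint that applies the two controls the text calls for before touching any file. It first checks that the caller holds an authenticated session with the admin role, then resolves the user-supplied file name against the admin directory and rejects anything that escapes it (the traversal case). The `Request` class, the `SESSIONS` store, the token values and the directory layout built by `make_demo_tree` are all constructed for this example.

```python
"""Added example: an admin-only file viewer with access control and traversal checks."""
from dataclasses import dataclass, field
from pathlib import Path
from typing import Optional
import tempfile


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for this example)."""
    path: str
    session_token: Optional[str] = None
    params: dict = field(default_factory=dict)


# Constructed session store: token -> (username, set of roles).
# A real application would back this with its session framework.
SESSIONS = {
    "tok-alice": ("alice", {"admin"}),
    "tok-bob": ("bob", {"user"}),
}


def require_admin(request):
    """Return (status, reason) denying the request, or None if the caller is an admin."""
    if request.session_token is None:
        return 401, "authentication required"
    entry = SESSIONS.get(request.session_token)
    if entry is None:
        return 401, "invalid session"
    _user, roles = entry
    if "admin" not in roles:
        return 403, "admin role required"
    return None


def safe_resolve(base_dir, user_path):
    """Resolve user_path under base_dir; return None if the result escapes base_dir.

    Both sides are fully resolved (symlinks, '..', absolute paths), so
    '../secret.txt' and '/etc/passwd' both land outside base and are rejected.
    """
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def handle_admin_read(request, base_dir):
    """Admin-only file viewer: both checks run before any file is opened."""
    denied = require_admin(request)
    if denied:
        return denied
    target = safe_resolve(base_dir, request.params.get("file", ""))
    if target is None or not target.is_file():
        # Traversal attempt or missing file: generic error, do not echo the path.
        return 400, "invalid file"
    return 200, target.read_text()


def make_demo_tree():
    """Build a constructed layout: <tmp>/admin/notes.txt (inside) and <tmp>/secret.txt (outside)."""
    root = Path(tempfile.mkdtemp())
    admin_dir = root / "admin"
    admin_dir.mkdir()
    (admin_dir / "notes.txt").write_text("maintenance window: sunday")
    (root / "secret.txt").write_text("db password")
    return admin_dir


def demo():
    """Exercise the handler with four callers; returns their status codes."""
    admin_dir = make_demo_tree()
    anon = Request("/admin/read", None, {"file": "notes.txt"})
    bob = Request("/admin/read", "tok-bob", {"file": "notes.txt"})
    alice_ok = Request("/admin/read", "tok-alice", {"file": "notes.txt"})
    alice_bad = Request("/admin/read", "tok-alice", {"file": "../secret.txt"})
    return [handle_admin_read(r, admin_dir)[0] for r in (anon, bob, alice_ok, alice_bad)]


if __name__ == "__main__":
    print(demo())  # [401, 403, 200, 400]
```

The order of the checks matters: authentication and authorization are decided first, so an unauthenticated caller learns nothing about which file names are valid, and the path check runs before any filesystem access rather than after a read has already happened.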
