The administration page is used to completely control the web application. It has full privileges over the web application and can change any content on the server. If access to the web content is not properly restricted, the server may be breached. This vulnerability exposes the application to directory traversal, also called path traversal: an HTTP attack that allows attackers to access restricted directories and execute commands outside of the web server's root directory.
Impact
The impact of this vulnerability includes:
- An attacker will gain complete access to the application.
- Possible manipulation of data.
- Possible leakage of sensitive information.
- Reading, updating and deleting arbitrary data/tables from the database.
- Executing commands on the underlying operating system.
Mitigation / Precaution
This vulnerability can be fixed by:
- Ensuring you have installed the latest version of your web server.
- Effectively filtering all the user input.
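One way to filter a user-supplied path so that it cannot resolve outside the web root, shown as an added example rather than code from the original page. `WEB_ROOT`, `resolve_under_root` and the sample paths in the comments are assumptions constructed for illustration.

```python
import os
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"  # assumed document root for this example


def resolve_under_root(user_path, root=WEB_ROOT):
    """Map a request path to a file path, or return None if it leaves root."""
    # Percent-decode until the value stops changing, so double-encoded
    # sequences such as %252e%252e are normalised before any check runs.
    decoded = user_path
    for _ in range(5):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        return None  # still changing after 5 rounds: reject outright

    # NUL bytes can truncate paths in lower layers; never accept them.
    if "\x00" in decoded:
        return None

    # Treat backslashes as separators and force the path to be relative,
    # so an absolute request path is anchored under the web root.
    decoded = decoded.replace("\\", "/").lstrip("/")

    # Canonicalise both sides (resolves "..", "." and symlinks), then
    # require that the result is still inside the web root.
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample request paths
    for p in ["images/logo.png", "/admin/../index.html",
              "../../etc/passwd", "%252e%252e%252fetc%252fpasswd"]:
        print(repr(p), "->", resolve_under_root(p))
```

The check compares canonical paths rather than searching the input for `../`, so encoded or mixed-separator variants are handled by the same comparison. It complements, and does not replace, authentication and authorization on the administration page itself.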