An attacker can inject malicious code into update_settings.php and execute it on the system. The same injection can be used to steal sensitive information such as user credentials, or to launch denial-of-service attacks. There may be many other ways in which an attacker can exploit this software.

The ip/tour/admin/operations/update_settings.php file is vulnerable to remote code execution. An attacker can exploit this vulnerability to execute arbitrary code on the system.

Recommendations:

1. Run the update_settings.php file through a Hping3 - Snort - Burp Scanner to confirm whether it is infected.

2. If the update_settings.php file is infected, the best practice is to remove the file from the system.

3. If update_settings.php is not present, install firewall software such as ShieldsUP to avoid this issue in the future.

4. If there is no firewall software installed on the system, install one to avoid this issue in the future.

5. Most importantly, if the system is connected to the internet, make sure that it is connected to an Intrusion Detection System or a Firewall.

6. Make sure that the system is not vulnerable to any other known vulnerabilities.

7. Make sure that the system

Update PHP:

1. Update PHP to the latest stable version
2. Upgrade PHP to the latest LTS release
3. Set your maximum upload size to 100 MB or less
4. Check that PHP is not vulnerable to any other known vulnerabilities
5. Check that the system is not vulnerable to any other known vulnerabilities

IP/tour/admin/operations/update_settings.php File Description:

This software is hosted on the following IP address:
132.236.90.134

Timeline

Published on: 10/17/2022 21:15:00 UTC
Last modified on: 10/19/2022 19:21:00 UTC
