
My IBM AppScan result shows 139 "Port Listener Command Injection" vulnerabilities. I am using the PHP CodeIgniter framework.

Parameter: status
Risk(s): It is possible to run remote commands on the web server. This usually means complete compromise of the server and its contents
Fix: Set the "uri" attribute of the "domain" entity in the clientaccesspolicy.xml file to include specific domain names instead of any domain.

How can I solve this issue?

David Buck
NIM
  • Have you tried to "Set the "uri" attribute of the "domain" entity in the clientaccesspolicy.xml file to include specific domain names instead of any domain."? – David Buck Aug 13 '20 at 19:09

1 Answer


Well... without seeing code, I'm not sure how to answer your question. The ClientAccessPolicy.xml is used by web clients to determine if cross domain access is allowed or not. The default ClientAccessPolicy.xml configuration of the TwinCAT ADS WCF.

Check out Config ClientAccessPolicy.xml

I found it to be very helpful with these kinds of questions
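
An added example, not part of the answer above: a small Python check for the setting the scanner's "Fix" text names, a `domain` entry in clientaccesspolicy.xml whose `uri` allows any domain. Both policy documents are constructed samples, `app.example.com` is a placeholder host, and `audit_policy` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a policy that allows requests from any domain.
WEAK_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""

# Constructed sample: the same policy limited to one named origin (placeholder).
FIXED_POLICY = WEAK_POLICY.replace('uri="*"', 'uri="https://app.example.com"')

# uri values that match every host rather than a specific domain name.
ANY_DOMAIN = {"*", "http://*", "https://*"}


def audit_policy(xml_text):
    """Return one finding per <domain> entry whose uri allows any domain."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for policy in root.iter("policy"):
        # Paths this policy block exposes to the allowed callers.
        paths = [r.get("path", "") for r in policy.iter("resource")]
        for allow in policy.iter("allow-from"):
            for domain in allow.iter("domain"):
                uri = (domain.get("uri") or "").strip()
                if uri in ANY_DOMAIN:
                    findings.append({"uri": uri, "granted_paths": paths})
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY)):
        print(name, audit_policy(doc))
```

Point it at the clientaccesspolicy.xml actually served from the site root; an empty result means no `domain` entry allows every domain.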