Category:   Application (Forum/Board/Portal)  >   WEB//NEWS Vendors:
WEB//NEWS Include File Flaw in 'parse/parser.php' Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1016938
SecurityTracker URL:
CVE Reference:   CVE-2006-5100
Updated:  Jun 3 2008
Original Entry Date:  Sep 27 2006
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 1.4 prior to Build 26092006-01
Description:   ThE-WoLf-KsA reported a vulnerability in WEB//NEWS. A remote user can execute arbitrary code on the target system.

The 'parse/parser.php' script uses the '$WN_BASEDIR' variable as the prefix of a require() statement without first initializing it and without validating its contents. On PHP installations with register_globals enabled, a remote user can set this variable by adding a 'WN_BASEDIR' parameter to the request URL. When the value is a URL and the PHP configuration permits remote inclusion (allow_url_fopen on PHP versions prior to 5.2, allow_url_include on 5.2 and later), the target system will fetch and execute arbitrary PHP code from a server chosen by the remote user. The PHP code, including operating system commands it launches, will run with the privileges of the target web service.

A demonstration exploit URL is provided:


Impact:   A remote user can execute arbitrary PHP code and operating system commands on the target system with the privileges of the target web service.
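The include pattern quoted in the advisory, placed next to a hardened replacement, as an added example. This is not WEB//NEWS code and not the vendor's fix; the wn_safe_include_path() helper, the file layout and the sample inputs it mentions are assumptions made for illustration.

```php
<?php
// Added example, not WEB//NEWS code: the vulnerable include pattern from the
// advisory next to a hardened replacement. wn_safe_include_path(), the file
// layout and the sample inputs below are assumptions for illustration.

// --- Vulnerable pattern (the line quoted in the advisory) ---
// parse/parser.php reads $WN_BASEDIR without ever assigning it:
//
//     require($WN_BASEDIR."/parse/parser.php");
//
// With register_globals=On, a request carrying ?WN_BASEDIR=<url> populates
// $WN_BASEDIR from the query string, and if URL inclusion is enabled
// (allow_url_fopen on PHP < 5.2, allow_url_include on 5.2+) PHP fetches and
// executes the remote file. Nothing checks the value before it is used.

// --- Hardened form ---
// 1. Fix the base directory from the script's own location. A constant
//    cannot be overwritten by register_globals or by a later assignment.
//    (dirname(__FILE__) works on PHP 4 and 5; __DIR__ needs 5.3+.)
define('WN_BASEDIR', dirname(__FILE__));

// 2. Resolve every include target and accept it only if it is an existing
//    local file that stays inside WN_BASEDIR. Returns the canonical path,
//    or false when the target must be refused.
function wn_safe_include_path($relative)
{
    // Reject stream wrappers (http:, ftp:, php:, data:, ...) and embedded
    // null bytes, which older PHP versions used to truncate the path.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $relative)
        || strpos($relative, "\0") !== false) {
        return false;
    }
    $base      = realpath(WN_BASEDIR);
    $candidate = realpath(WN_BASEDIR . DIRECTORY_SEPARATOR . $relative);
    if ($base === false || $candidate === false) {
        return false;              // base missing or target does not exist
    }
    // The canonical target must start with the canonical base directory;
    // "../" sequences resolve outside it and fail this prefix check.
    if (strpos($candidate, $base . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    return $candidate;
}

// 3. Refuse to run under the configuration that makes the bug exploitable,
//    so a misconfigured host fails closed instead of open.
if (ini_get('register_globals')) {
    die('register_globals must be disabled');
}

// Usage: the only value that is ever included is derived locally, never
// from request data.
$parser = wn_safe_include_path('parse' . DIRECTORY_SEPARATOR . 'parser.php');
if ($parser === false) {
    die('parser not found inside ' . WN_BASEDIR);
}
require($parser);
```

The helper rejects a URL such as 'http://example.invalid/x.txt' at the wrapper check, a traversal such as '../../etc/passwd' at the prefix check (it resolves outside the base directory), and any argument containing a null byte. The register_globals guard is deliberately blunt: a script cannot switch that setting off at runtime, so the safe choice is to stop rather than continue with request-controlled globals in scope.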
Solution:   The vendor has issued a fixed version (Version 1.4 Build 26092006-01). As a defense in depth, disabling register_globals and remote URL inclusion (allow_url_fopen or allow_url_include, depending on the PHP version) in php.ini prevents this class of attack even on installations that have not yet been patched.

Also, a patch (1.4 security patch 2) is available at:

The advisory is available at:

Vendor URL:
Cause:   Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  webnews <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit

#webnews <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit
#Critical Level : Dangerous
#Version : v1.4
#Bug in : parse/parser.php
#Vuln Code :
#            require($WN_BASEDIR."/parse/parser.php");
#Exploit :
#Discovered By : ThE-WoLf-KsA
#Contact : the-wolf-ksa[at]
#XP10_hackEr Team


