In association with heise online

01 August 2006, 13:23

Usenet application MyNewsGroups endangers server security

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Usenet clients that use a Web interface are practical and flexible. But servers that run on the MyNewsGroups Open Source client written in PHP may soon be receiving some unexpected company. Philipp Niedziela has discovered a hole that allows arbitrary scripts to be executed on servers via Remote File Inclusion. The problem is the result of a flaw in the filtering of the variable myng_root, which puts paths into scripts by means of


The flaw is in versions prior to, and including, 0.6b. Niedziela says that the problem is solved when the variable myng_root is permanently assigned a value. For further details, see his report.

Also see:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit