Usenet application MyNewsGroups endangers server security
Usenet clients that use a Web interface are practical and flexible. But servers that run MyNewsGroups, an open-source client written in PHP, may soon be receiving some unexpected company. Philipp Niedziela has discovered a hole that allows arbitrary scripts to be executed on servers via Remote File Inclusion. The problem results from flawed filtering of the variable myng_root, through which paths can be passed into scripts by means of
http://server/lib/tree/layersmenu.inc.php?myng_root=externe_url.
The flaw affects versions up to and including 0.6b. Niedziela says that the problem is solved when the variable myng_root is permanently assigned a fixed value. For further details, see his report.
- MyNewsGroups :) v. 0.6b Remote File Inclusion, Philipp Niedziela's advisory
(ehe)
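
A defender-side check for the issue described above, added here as an example that is not part of the article, the advisory or the MyNewsGroups code: since myng_root is meant to hold a fixed value, any logged request that supplies it deserves a look. The log lines are constructed, and the Apache combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Client IP, request target and status from a combined-format log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Value that begins with a URL scheme ("http:", "ftp:", ...) or "//host".
URL_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//)', re.I)

# Constructed sample input (documentation addresses and hosts only).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2006:10:00:05 +0000] "GET /lib/tree/layersmenu.inc.php'
    '?myng_root=http%3A%2F%2Fremote.example%2Fx HTTP/1.0" 200 312',
    '198.51.100.7 - - [01/Jan/2006:10:00:09 +0000] "GET /lib/tree/layersmenu.inc.php'
    '?myng.root=/var/www/myng HTTP/1.1" 200 0',
    '192.0.2.44 - - [01/Jan/2006:10:01:00 +0000] "GET /search.php?q=myng_root HTTP/1.1" 200 100',
]

def php_name(name):
    """PHP turns '.' and ' ' in incoming parameter names into '_'."""
    return name.replace(".", "_").replace(" ", "_")

def find_myng_root_requests(lines):
    """Return (ip, path, value, status, verdict) for requests that set myng_root."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we can parse
        parts = urlsplit(m.group("target"))
        # parse_qsl percent-decodes once, which matches what PHP receives.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if php_name(name) != "myng_root":
                continue
            verdict = "url-value" if URL_RE.match(value) else "client-set"
            hits.append((m.group("ip"), parts.path, value, m.group("status"), verdict))
    return hits

if __name__ == "__main__":
    for hit in find_myng_root_requests(SAMPLE_LOG):
        print(hit)
```

Access logs normally record only the query string, so a value sent in a POST body or cookie would not show up in this check.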