PHPFreeNews Logout.php Arbitrary Site Redirect

2005-07-29T07:58:16
ID OSVDB:18453
Type osvdb
Reporter rgod(retrogod@aliceposta.it)
Modified 2005-07-29T07:58:16

Description

Vulnerability Description

PHPFreeNews contains a flaw that may allow a remote attacker to trick a user into visiting an arbitrary site under the apparent trust of a legitimate site. The issue is due to the Logout.php script providing a site redirect to an arbitrary web site. This may give an attacker a way to trick a user into clicking what appears to be a legitimate URL of a valid site, but really leads them to an arbitrary site with malicious content.

Solution Description

Upgrade to version 1.40 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[target]/[path]/inc/Logout.php?AdminScript=http://[evil_site]/[evil_script]
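The pattern behind this class of flaw is a logout handler that copies a request parameter straight into a Location header. The following PHP is an added example written for this entry; it is not PHPFreeNews code and does not reproduce the fixed 1.40 release. It shows the unsafe pattern as a comment and a hardened replacement that only follows a site-relative path or an absolute http(s) URL whose host is on an allow-list. The parameter name AdminScript comes from the testing note above; the allowed host names and the sample inputs are constructed for the demonstration.

```php
<?php
// Added example (not PHPFreeNews code). Demonstrates validating a
// user-supplied redirect target before emitting a Location header.
//
// Unsafe pattern this entry describes, shown for contrast only:
//     header('Location: ' . $_GET['AdminScript']);
// Anything the request supplies is followed, including an off-site URL.

/**
 * Return a redirect target that is safe to follow, or $default.
 *
 * Accepted:
 *   - a site-relative path starting with exactly one "/" (not "//host" or "/\host")
 *   - an absolute http or https URL whose host is in $allowedHosts
 * Everything else (other schemes, scheme-less hosts, unparsable values,
 * control characters that could split the header) falls back to $default.
 */
function safe_redirect_target(string $candidate, array $allowedHosts, string $default = '/index.php'): string
{
    $candidate = trim($candidate);
    if ($candidate === '') {
        return $default;
    }

    // CR/LF or other control characters must never reach a header.
    if (preg_match('/[\x00-\x1F\x7F]/', $candidate)) {
        return $default;
    }

    // Site-relative path: one leading slash, and not a protocol-relative URL.
    if ($candidate[0] === '/') {
        if (strlen($candidate) > 1 && ($candidate[1] === '/' || $candidate[1] === '\\')) {
            return $default;
        }
        return $candidate;
    }

    $parts = parse_url($candidate);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $default; // bare "evil.example" or garbage: not followed
    }

    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return $default; // rejects javascript:, data:, etc.
    }

    $allowed = array_map('strtolower', $allowedHosts);
    if (!in_array(strtolower($parts['host']), $allowed, true)) {
        return $default; // off-site host: not followed
    }

    return $candidate;
}

// Constructed allow-list for this demo (hypothetical host names).
$allowedHosts = ['news.example.test', 'www.example.test'];

// Hardened logout handler: the request value is filtered before use.
function logout_and_redirect(array $allowedHosts): void
{
    session_start();
    $_SESSION = [];
    session_destroy();
    $target = safe_redirect_target($_GET['AdminScript'] ?? '', $allowedHosts);
    header('Location: ' . $target, true, 302);
    exit;
}

// Offline demonstration with constructed inputs (run from the CLI).
$samples = [
    '/Admin/Index.php',
    'https://news.example.test/Admin/Index.php',
    'http://attacker.example/phish',
    '//attacker.example/phish',
    'javascript:alert(1)',
    "/ok\r\nSet-Cookie: x=1",
    '',
];
foreach ($samples as $input) {
    printf("%-45s -> %s\n", var_export($input, true), safe_redirect_target($input, $allowedHosts));
}
```

Only the first two sample values are followed unchanged; every other input resolves to /index.php. A relative-path-only policy (dropping the allow-list branch entirely) is simpler still and is usually enough for a logout flow.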

References:

Vendor URL: http://www.phpfreenews.co.uk/
Vendor Specific Solution URL: http://www.phpfreenews.co.uk/News/SinglePosting.php?ArticleID=22
Security Tracker: 1014601
Secunia Advisory ID: 16312
Related OSVDB ID: 18451
Related OSVDB ID: 18452
Related OSVDB ID: 18454
Related OSVDB ID: 18455
Related OSVDB ID: 18456
Related OSVDB ID: 18457
Other Advisory URL: http://rgod.altervista.org/phpfreenews.html