DGNews news.php newsid Variable Path Disclosure

2007-05-28T00:00:00
ID OSVDB:34226
Type osvdb
Reporter Jesper Jurcenoks (jesper.jurcenoks@netvigilance.com)
Modified 2007-05-28T00:00:00

Description

Vulnerability Description

DGNews contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides malformed input to the 'newsid' variable of the news.php script, which discloses the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Technical Description

This vulnerability is only present when the display_errors PHP option is 'on'.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/[PRODUCT-DIRECTORY]/news.php?go=fullnews&newsid[]=1
http://[target]/[PRODUCT-DIRECTORY]/news.php?go=fullnews&newsid=`
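
Requests shaped like the two above can be picked out of web server access logs. The Python below is an added example, not part of the original advisory: it assumes Apache-style combined-log lines and that legitimate newsid values are decimal integers, and the /dgnews/ path, addresses and log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a combined-log line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, hypothetical /dgnews/ path)
SAMPLE_LOG = [
    '192.0.2.10 - - [28/May/2007:10:00:01 +0000] "GET /dgnews/news.php?go=fullnews&newsid=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [28/May/2007:10:02:14 +0000] "GET /dgnews/news.php?go=fullnews&newsid[]=1 HTTP/1.1" 200 612',
    '198.51.100.7 - - [28/May/2007:10:02:15 +0000] "GET /dgnews/news.php?go=fullnews&newsid%5B%5D=1 HTTP/1.1" 200 612',
    '198.51.100.7 - - [28/May/2007:10:02:19 +0000] "GET /dgnews/news.php?go=fullnews&newsid=%60 HTTP/1.1" 200 598',
    '192.0.2.10 - - [28/May/2007:10:05:40 +0000] "GET /dgnews/index.php?newsid[]=1 HTTP/1.1" 200 4301',
]


def newsid_anomaly(target):
    """Return a reason if a news.php request carries a malformed newsid, else None."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/news.php"):
        return None
    # parse_qsl percent-decodes, so newsid%5B%5D arrives here as newsid[]
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.startswith("newsid["):
            return "newsid passed as array"
        # Assumption: a legitimate newsid is a decimal integer
        if key == "newsid" and not re.fullmatch(r"[0-9]+", value):
            return "newsid is not a plain integer"
    return None


def scan(lines):
    """Return (line_number, reason) for every log line that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        reason = newsid_anomaly(match.group(1)) if match else None
        if reason:
            hits.append((number, reason))
    return hits


if __name__ == "__main__":
    for number, reason in scan(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```

A hit only shows that such a request was made; whether the path was disclosed depends on display_errors being 'on' at the time.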

References:

Vendor URL: http://www.diangemilang.com/dgscripts.php
Related OSVDB ID: 34227
Related OSVDB ID: 34228
Other Advisory URL: http://www.netvigilance.com/advisory0021
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0507.html
Keyword: netVigilance Security Advisory #21
ISS X-Force ID: 34540
CVE-2007-0692