As of 9am June 06, 2003 the newsPHP vulnerability I reported in
EXPL-A-2003-003 has been corrected, verified and no longer poses
a security threat as reported. Donnie Werner and exploitlabs.com
express their thanks and kudos to newsPHP for a very prompt resolve.
Full Disclosure works, have your site pretested today, contact
sales@frame4.com
Donnie Werner
http://exploitlabs.com
morning_wood@exploitlabs.com
------------------------------------------------------------------
- EXPL-A-2003-003 exploitlabs.com Advisory 003
------------------------------------------------------------------
-=- newsphp -=-
06/05/03
Donnie Werner
http://exploitlabs.com
http://frame4.com
=========================================
THIS IS NOT NPHP
http://www.nphp.net/
http://www.secunia.com/advisories/8942/
=========================================
Vunerability(s):
----------------
1.Persistant XSS JavaScript injection
Product:
--------
newsphp
http://www.newsphp.com
Description of product:
-----------------------
"Features include: Easy customization with
config script;
Easy setup;
Post, edit and delete news items;
Headlines script lets you display the headline
of your latest news. Uses MySQL database for
speed and reliability; Archive feature that
lets your users view old news;
Easy user management with 2 different user access levels;
Full banner management with statistics;
online news style editing and much more...
Ever wanted to make your site look like CNN, WaPost,
USA Today, BBC, CNBC?
Try NewsPHP!"
The system requirements for NewsPHP are as follows:
PHP
Web Server (UNIX/NT)
MySQL Server
Must support SSI's (Server Side Includes)
Note:
-----
looks like they were the target of a unsucsesfull attack evidenced by
http://members.newsphp.com/banner/1028674461.gif dated 07.08.02
http://members.newsphp.com/newsadmin/useradmin.php?action=banner
Vunerable Instalations:
-----------------------
http://www.renotahoetoday.com/index.php?view_comments=17
http://www.caraibesfm.com/index.php?view_comments=189
http://www.hoosierairnews.com/index.php?view_comments=210
VUNERABILITY / EXPLOIT
======================
newsphp has a comment freature, if enabled posting of comments
containging
Vendor Fix:
-----------
No fix on 0day
Vendor Contact:
---------------
Concurrent to this date of release
mailto:support@newsphp.com
Credits:
--------
Donnie Werner
http://exploitlabs.com "where finding your holes is job one, and plugging them twice the phun"
morning_wood@exploitlabs.com
Corporate Security Needs at http://fram4.com Security Systems