IndyNews - PhpNuke module: several problems

by Nikola Strahija on February 14th, 2003

IndyNews is a PhpNuke add-on that allows users to attach media files to articles. There are several problems with this add-on.


1) function delMediaFile()

- Anybody is able to delete any media attached to already approved articles.

2) function manageMedia()

- Anybody can delete any file owned by the user that runs the php script.

- By manipulating the cookie, you can modify the path of the uploaded files, so they can be saved wherever you want (into a directory writable by the process owner).

3) function editMediaDescr() and editMediaTempDescr()

- Anybody can edit the description of a media file attached to an approved or pending article.

- Since the file description is shown through the HTML alt="" attribute, and no check is performed on its contents, it is possible to completely alter the layout of an article, for example by inserting any link, image, JavaScript code, etc.
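
The checks whose absence is described in items 1 to 3, sketched as an added example; this is not IndyNews or PhpNuke code and not the patch referenced below. Every name here (MEDIA_DIR, media_path, delete_media, media_img, the $isAdmin flag) is hypothetical, and the sample inputs are constructed.

```php
<?php
// Added illustration, not IndyNews code. All names and paths are hypothetical.

// Item 2: the upload root is fixed server-side and never read from a cookie.
const MEDIA_DIR = '/var/www/nuke/media';

// Item 2: map a client-supplied file name to a canonical path that must stay
// inside MEDIA_DIR. Returns null if the file is missing or resolves elsewhere
// (realpath() follows symlinks, so a link pointing outside the root is rejected).
function media_path(string $name): ?string
{
    $root = realpath(MEDIA_DIR);
    $path = realpath(MEDIA_DIR . DIRECTORY_SEPARATOR . basename($name));
    if ($root === false || $path === false) {
        return null;
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Items 1 and 2: deletion is refused unless the caller is an administrator.
// $isAdmin stands in for the site's own server-side session check.
function delete_media(string $name, bool $isAdmin): bool
{
    if (!$isAdmin) {
        return false;
    }
    $path = media_path($name);
    return $path !== null && is_file($path) && unlink($path);
}

// Item 3: encode the description before it is placed inside alt="" so that
// quotes and angle brackets cannot close the attribute or open a new tag.
function media_img(string $src, string $descr): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return sprintf(
        '<img src="%s" alt="%s">',
        htmlspecialchars($src, $flags, 'UTF-8'),
        htmlspecialchars($descr, $flags, 'UTF-8')
    );
}

// Constructed inputs: a description that tries to break out of the attribute,
// a traversal-style file name, and a delete request from a non-admin caller.
echo media_img('media/42.jpg', '"><b>injected</b>'), "\n";
var_dump(media_path('../../etc/passwd'));
var_dump(delete_media('42.jpg', false));
```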

Solution:
Patch is available here: http://www.bergamoblog.it/modules.php?name=Downloads&d_op=getit&lid=4

Discovered by:
Elisa Manara http://www.entropika.net
Sed Software Consortium info (at) sed-consortium.com

