[VIM] ashnews issue seems to be old rediscovery

Steven M. Christey coley at mitre.org
Mon Jun 5 21:02:14 EDT 2006


Ref:

  http://www.milw0rm.com/exploits/1864

same affected version and exploit vectors as CVE-2003-1292, and
apparently there was a rediscovery in January, which George seems to
know about :)

- Steve

======================================================
Name: CVE-2003-1292
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1292
Acknowledged: yes followup
Announced: 20030720
Flaw: php-include
Reference: BUGTRAQ:20030720 sorry, wrong file
Reference: URL:http://www.securityfocus.com/archive/1/329910
Reference: FULLDISC:20060130 Re: ashnews Cross-Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html
Reference: FULLDISC:20060131 Re: ashnews Cross-Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html
Reference: FULLDISC:20060131 Re: ashnews Cross-Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0980.html
Reference: CONFIRM:http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0
Reference: BID:16436
Reference: URL:http://www.securityfocus.com/bid/16436
Reference: SECUNIA:9331
Reference: URL:http://secunia.com/advisories/9331

PHP remote file include vulnerability in Derek Ashauer ashNews 0.83
allows remote attackers to include and execute arbitrary remote files
via a URL in the pathtoashnews parameter to (1) ashnews.php and (2)
ashheadlines.php.


Analysis:
ACKNOWLEDGEMENT: The vendor's forum post says 'There is a security
vulnerability in ashnews. ... On line 22 (or somewhere close to it)
... include($pathtoashnews."ashprojects/newsconfig.php"); ... Should
be ... include("ashprojects/newsconfig.php");.' The forum post is
written as a followup to related information on a
security-corporation.com web page (which seems to no longer exist).




More information about the VIM mailing list