[VulnWatch] MyNewsGroups :) XSS patch
From: Ulf Harnhammar (email@example.com)
Date: Mon, 30 Sep 2002 01:05:39 +0200 (CEST)
From: Ulf Harnhammar <firstname.lastname@example.org>
To: email@example.com
MyNewsGroups :) XSS patch
PROGRAM: MyNewsGroups :)
VENDOR: Carlos Sanchez Valle et al.
VULNERABLE VERSIONS: 0.4, 0.4.1, possibly others
IMMUNE VERSIONS: 0.4.1 with my patch applied
LOGIN REQUIRED: no
"MyNewsGroups :) is a USENET news client with a completely Web-based
interface. It is written in PHP4, and it uses a MySQL database
backend, which allows useful tools such as search engines, SPAM
filters, subscriptions, and stats to be implemented. The interface
of MyNewsGroups :) is very easy to use."
(direct quote from the program's project page at Freshmeat)
The program is published under the terms of the GNU General Public
MyNewsGroups :) has got several cross-site scripting holes that are
triggered when displaying the Subject headers of newsgroup messages.
By posting a malicious newsgroup message, an attacker can take over
many MyNewsGroups :) users' accounts. The same attacker can also
trick the program into posting fake messages under the users' names.
COMMUNICATION WITH VENDOR:
The vendor was contacted on the 9th of July. They still haven't
fixed this issue.
I wrote a patch for this XSS issue, and I have included it as an
attachment to this mail. I have patched against version 0.4.1.
// Ulf Harnhammar
- TEXT/PLAIN attachment: mynewsgroups.patch
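
The class of fix the advisory calls for, shown as an added example that is not part of the original mail, the attached patch or the MyNewsGroups :) code base: a Subject header is decoded first and HTML-escaped afterwards, before it is written into a page. The function names and sample headers are constructed for illustration, and the code assumes a current PHP with the iconv extension.

```php
<?php
// Added illustration: function names and sample headers are constructed,
// not taken from MyNewsGroups :) or from the attached patch.

// Unsafe pattern: the raw header value is written straight into the page.
function subject_cell_unsafe(string $rawSubject): string
{
    return '<td>' . $rawSubject . '</td>';
}

// Hardened: decode RFC 2047 encoded-words first, then escape the result.
// Escaping before decoding would let an encoded-word carry markup through.
function subject_to_html(string $rawSubject): string
{
    $decoded = iconv_mime_decode($rawSubject, ICONV_MIME_DECODE_CONTINUE_ON_ERROR, 'UTF-8');
    if ($decoded === false) {
        $decoded = $rawSubject; // undecodable header: treat the raw bytes as text
    }
    // Replace control characters (byte-level, safe for UTF-8) with spaces.
    $decoded = preg_replace('/[\x00-\x1F\x7F]/', ' ', $decoded);
    // ENT_QUOTES covers attribute contexts; ENT_SUBSTITUTE replaces invalid
    // UTF-8 instead of returning an empty string.
    return htmlspecialchars($decoded, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The same escaped value is safe in element content and in a quoted attribute.
function subject_cell_safe(string $rawSubject): string
{
    $html = subject_to_html($rawSubject);
    return '<td title="' . $html . '">' . $html . '</td>';
}

// Constructed sample Subject headers.
$samples = [
    'Re: <script>alert(1)</script>',
    '=?ISO-8859-1?Q?=3Cb=3Ebold=3C=2Fb=3E?=',
    'He said "hi" & left',
];

foreach ($samples as $subject) {
    echo 'unsafe: ', subject_cell_unsafe($subject), PHP_EOL;
    echo 'safe:   ', subject_cell_safe($subject), PHP_EOL;
}
```

The second sample is the case a filter applied to the raw header misses: the markup only exists after the encoded-word has been decoded.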