MyNewsGroups :) XSS patch

From: Ulf Harnhammar (ulfhat_private)
Date: Sun Sep 29 2002 - 16:05:39 PDT


    PROGRAM: MyNewsGroups :)
    VENDOR: Carlos Sanchez Valle et al.
    HOMEPAGE: http://mynewsgroups.sourceforge.net/
    VULNERABLE VERSIONS: 0.4, 0.4.1, possibly others
    IMMUNE VERSIONS: 0.4.1 with my patch applied
    SEVERITY: high
    LOGIN REQUIRED: no
    
    
    DESCRIPTION:
    
    "MyNewsGroups :) is a USENET news client with a completely Web-based
    interface. It is written in PHP4, and it uses a MySQL database
    backend, which allows useful tools such as search engines, SPAM
    filters, subscriptions, and stats to be implemented. The interface
    of MyNewsGroups :) is very easy to use."
    
    (direct quote from the program's project page at Freshmeat)
    
    The program is published under the terms of the GNU General Public
    License.
    
    
    SUMMARY:
    
    MyNewsGroups :) has got several cross-site scripting holes that are
    triggered when displaying the Subject headers of newsgroup messages.
    By posting a malicious newsgroup message, an attacker can take over
    many MyNewsGroups :) users' accounts. The same attacker can also
    trick the program into posting fake messages under the users' names.
    
    
    COMMUNICATION WITH VENDOR:
    
    The vendor was contacted on the 9th of July. They still haven't
    fixed this issue.
    
    
    MY PATCH:
    
    I wrote a patch for this XSS issue, and I have included it as an
    attachment to this mail. I have patched against version 0.4.1.
    
    
    // Ulf Harnhammar
       VSU Security
       ulfhat_private
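
The class of flaw described in the SUMMARY, shown as an added example: this is not code from MyNewsGroups :) and not the patch attached to the original mail. It goes one step beyond the advisory by assuming the client decodes RFC 2047 encoded-words in Subject headers, which is why escaping has to happen after decoding, at the point of output. The function names, the table-cell markup and the sample headers are constructed for illustration, and the iconv extension is assumed to be available.

```php
<?php
// Added example; hypothetical function names, not MyNewsGroups :) code.

/**
 * Decode RFC 2047 encoded-words in a raw Subject header to UTF-8.
 * Assumption: the iconv extension is loaded.
 */
function decode_subject(string $raw): string
{
    $decoded = iconv_mime_decode($raw, ICONV_MIME_DECODE_CONTINUE_ON_ERROR, 'UTF-8');
    // Fall back to the raw header text if decoding fails outright.
    return $decoded === false ? $raw : $decoded;
}

/** Vulnerable pattern: attacker-controlled header text is emitted as markup. */
function render_subject_unsafe(string $raw): string
{
    return '<td class="subject">' . decode_subject($raw) . '</td>';
}

/** Hardened pattern: decode first, then escape for the HTML context. */
function render_subject_safe(string $raw): string
{
    $text = decode_subject($raw);
    // Drop control characters; a Subject is a single line of text.
    $text = preg_replace('/[\x00-\x1F\x7F]/', '', $text) ?? '';
    // ENT_QUOTES also covers use inside quoted attribute values.
    return '<td class="subject">'
        . htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</td>';
}

// Constructed sample headers: one plain, one base64 encoded-word.
$samples = [
    'Re: <b>hello</b> & goodbye',
    '=?UTF-8?B?PGI+aGVsbG88L2I+?=', // encoded form of <b>hello</b>
];

foreach ($samples as $raw) {
    echo "unsafe: ", render_subject_unsafe($raw), "\n";
    echo "safe:   ", render_subject_safe($raw), "\n";
}
```

Escaping the raw header before decoding would leave the second sample untouched by the escaper, so the markup would reappear once the encoded-word is decoded.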
    
    
    



    This archive was generated by hypermail 2b30 : Mon Sep 30 2002 - 14:49:12 PDT