lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040829083934.684.qmail@www.securityfocus.com>
Date: 29 Aug 2004 08:39:34 -0000
From: e0r <socialanxiety@...il.com>
To: bugtraq@...urityfocus.com
Subject: CuteNews News.txt writable to world




Date: August 29, 2004
Vender: http://www.cutephp.com/
Program: CuteNews
Versions affected: => 1.3.6
Bug: CuteNews News.txt writable to world
Type: 
Author: e0r
        www: http://www.rootthief.com/
        team: !Sui-Generes (!Sui)
        Email: homicidal @ gmail . com
-----------------------------

 >Discription: 
Cute news is a powerful and easy for using news management system that use flat files to store its database. It supports comments, archives, search function, image uploading, backup function, IP banning, flood protection ...
----------------

 >Vulnerability:
 CuteNews is a very very popular news management system which makes this all the more serious. The folder "Data" is chmod '777', it has to be for CuteNews to work. But this poses a problem, if it is chmod 777 it means ANYONE can write to it. What makes it even worse is that the news.txt file is stored there, so anyone with local access to the file can open it up and replace something like:

||e0r|Open.|Many updates to come. For now, enojy the Forums.|||||

with

||!Sui|HACKED.|U got hexored!!1|||||

And now the vulnerable CuteNews is now defaced.


---------------

 >Fix: 
I haven't attempted to fix it, I'll leave that up to the vendor. 
---------------

 >Greets:  !Sui-Generis, #sui @ efnet, #blackhats,
           #phiral, atomix, d3thstar, m00, mgrd,
           lost-buffer, drug5t0r3, rootthief.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ