| To: | philip anselmo <spoonman500@hotmail.com> |
|---|---|
| Subject: | Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability |
| From: | Francesco Laurita <francesco@francesco-laurita.info> |
| Date: | Mon, 27 Nov 2006 21:49:48 +0100 |
| Cc: | bugtraq@securityfocus.com |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| In-reply-to: | <BAY12-F2513C473246980BFE36553F5E70@phx.gbl> |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
| References: | <BAY12-F2513C473246980BFE36553F5E70@phx.gbl> |
| User-agent: | Mozilla Thunderbird 1.5.0.8 (Windows/20061025) |
philip anselmo ha scritto:
> Vulnerable Code:
> ***************
> require_once("$cutepath/inc/functions.inc.php");
> require_once("$cutepath/data/config.php");
>
> affected file: search.php & show_news.php & show_archives.php
> ----------------------------------------------------------------------
Please mark it as bogus.
$cutepath is defined some lines above:
$cutepath = __FILE__;
Regards
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | rPSA-2006-0219-1 info install-info texinfo, rPath Update Announcements |
|---|---|
| Next by Date: | iDefense Security Advisory 11.26.06: GNU Radius Format String Vulnerability, iDefense Labs |
| Previous by Thread: | CuteNews v1.4.5 (search.php) Remote file include vulnerability, philip anselmo |
| Next by Thread: | Re: CuteNews v1.4.5 (search.php) Remote file include vulnerability, raven |
| Indexes: | [Date] [Thread] [Top] [All Lists] |