CuteNews is a news management system that uses flat-file storage.
CuteNews does not correctly filter user-supplied template content. A remote attacker who can reach the template editor may exploit this to execute arbitrary PHP code, and through it shell commands, on the host.
In the account management and template editing functions, CuteNews fails to filter user input. The HTML entered in the web form is written verbatim into a template file with a .tpl extension. That file is itself PHP source: each template body is stored as a heredoc string, similar to the following:
--snip--
$template_active = <<<HTML
[HTML template code]
HTML;
$template_full = <<<HTML
[HTML template code]
HTML;
?>
--snap--
An attacker submits template content of the following shape:
--snip--
HTML;
[PHP code]
$fake_template = <<<HTML
--snap--
The first line closes the heredoc that CuteNews opened, so the PHP code on the next line is parsed as code rather than as string data. The last line reopens a heredoc, so that the `HTML;` terminator CuteNews itself appends keeps the file syntactically valid. When the saved .tpl file is later included while managing accounts, the injected PHP code executes; if it calls a shell function, commands run on the local system.
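To make the mechanism concrete, here is an added example that is not CuteNews code: a simplified PHP model of the template writer, the injected template from above run through it, a hardened writer that stores each body as a PHP string literal instead of a heredoc, and a check that flags any template body containing a heredoc terminator. The function names, the temporary file path, and the `echo` used in place of the advisory's "[PHP code]" are assumptions for illustration.

```php
<?php
// Added example, not CuteNews code: a simplified model of the template writer
// described above, first as written (vulnerable) and then hardened. Function
// names are assumptions chosen for illustration.

// VULNERABLE: the submitted HTML is dropped verbatim into a heredoc inside a PHP
// file. A line reading "HTML;" inside the submitted body closes the heredoc early
// and everything after it is parsed as PHP when the .tpl file is later included.
function write_template_vulnerable(string $path, string $active, string $full): void
{
    $php = "<?php\n"
         . "\$template_active = <<<HTML\n" . $active . "\nHTML;\n"
         . "\$template_full = <<<HTML\n" . $full . "\nHTML;\n"
         . "?>\n";
    file_put_contents($path, $php);
}

// HARDENED: each template becomes a PHP string literal produced by var_export(),
// which escapes backslashes and single quotes. No submitted text can end the
// literal, so none of it is ever parsed as code.
function write_template_hardened(string $path, string $active, string $full): void
{
    $php = "<?php\n"
         . '$template_active = ' . var_export($active, true) . ";\n"
         . '$template_full = ' . var_export($full, true) . ";\n";
    file_put_contents($path, $php);
}

// Check for form input or existing .tpl bodies: a line whose first token is the
// heredoc identifier terminates the heredoc (PHP < 7.3 requires column 0 and at
// most a ';' after it; PHP >= 7.3 also accepts indentation and other trailing
// tokens), so any such line is treated as an injection attempt.
function contains_heredoc_terminator(string $body, string $id = 'HTML'): bool
{
    $re = '/^\s*' . preg_quote($id, '/') . '(?![A-Za-z0-9_\x80-\xff])/';
    foreach (preg_split('/\r\n|\r|\n/', $body) as $line) {
        if (preg_match($re, $line)) {
            return true;
        }
    }
    return false;
}

// Constructed payload in the shape shown above; the echo stands in for the
// advisory's "[PHP code]".
$payload = "<p>news</p>\nHTML;\necho 'INJECTED';\n\$fake_template = <<<HTML\n<p>rest</p>";
$tpl = tempnam(sys_get_temp_dir(), 'tpl');

write_template_vulnerable($tpl, $payload, '<p>full</p>');
include $tpl;   // prints INJECTED: the injected statement was executed
echo "\n";

write_template_hardened($tpl, $payload, '<p>full</p>');
include $tpl;   // prints nothing; $template_active is only a string
var_dump($template_active === $payload);         // bool(true)
var_dump(contains_heredoc_terminator($payload)); // bool(true)
unlink($tpl);
```

Two caveats on the fix. A nowdoc (`<<<'HTML'`) would stop PHP from interpolating `$variables` that appear in the submitted HTML, but it does nothing against the terminator injection shown here, because the closing identifier still ends the string. The durable fix is not to store user-supplied data as PHP source at all: either emit it as an escaped literal as above, or keep templates in a plain non-PHP file that is read with `file_get_contents()` rather than included.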
Source: John Cantu (http://www.bkjia.com/PHPjc/629809.html)