HNS MAIN FEED
Thursday, 18:48 EDT
- Android wallpaper app stealing user data and sending it to China
- Black Hat USA 2010: A recession proof conference?
- Apple improves App Store security
- ATMs hacked and spitting up money at Black Hat
- Trojan masquerades as iPhone jailbreaking software
- Authentication management platform for any and every authentication factor
- Google has two times more malware than Bing, Yahoo! and Twitter combined
- New assurance mark of software application security
- Sourcefire's open source framework for deep threat inspection
- 100 million Facebook pages published on torrent site
- Cell-phone call interception demonstration at Defcon might not be a sure thing
- Critical ToolTalk Database Server Parser vulnerability discovered
CuteNews flood.db.php Client-IP HTTP Header Arbitrary Code Injection
Posted on 19 September 2005
Vulnerability Description
CuteNews contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the flood protection code in /inc/shows.inc.php not properly sanitizing user input supplied to the HTTP_CLIENT_IP variable. This may allow an attacker to supply a specially crafted header value and inject arbitrary strings into the /data/flood.db.php file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
Manual Testing Notes
http://[victim]/[path]/cute/data/flood.db.php
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Products:
- CutePHP CuteNews 1.4.0 Affected
Vulnerability classification:
- Remote vulnerability
- Input manipulation attack
- Impact on integrity
- Exploit available
External references:
- Vendor URL: go there
- Secunia Advisory ID: 16832
- Other Advisory URL: go there
- Mail List Post: go there
- Other Advisory URL: go there
- Security Tracker: 1014926
- Bugtraq ID: 14869
- CVE ID: 2005-3010
The HNS Vulnerabilities section is powered by OSVDB