Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

CuteNews News.txt writable to world

from [e0r] Network Security [Permanent Link]
Subject: CuteNews News.txt writable to world
Date: 29 Aug 2004 08:39:34 -0000 


Date: August 29, 2004
Vender: http://www.cutephp.com/
Program: CuteNews
Versions affected: => 1.3.6
Bug: CuteNews News.txt writable to world
Type: 
Author: e0r
        www: http://www.rootthief.com/
        team: !Sui-Generes (!Sui)
        Email: homicidal @ gmail . com
-----------------------------


Discription: 

Cute news is a powerful and easy for using news management system that use flat 
files to store its database. It supports comments, archives, search function, 
image uploading, backup function, IP banning, flood protection ...
----------------


Vulnerability:

 CuteNews is a very very popular news management system which makes this all 
the more serious. The folder "Data" is chmod '777', it has to be for CuteNews 
to work. But this poses a problem, if it is chmod 777 it means ANYONE can write 
to it. What makes it even worse is that the news.txt file is stored there, so 
anyone with local access to the file can open it up and replace something like:

||e0r|Open.|Many updates to come. For now, enojy the Forums.|||||

with

||!Sui|HACKED.|U got hexored!!1|||||

And now the vulnerable CuteNews is now defaced.


---------------


Fix: 

I haven't attempted to fix it, I'll leave that up to the vendor. 
---------------


Greets:  !Sui-Generis, #sui @ efnet, #blackhats,

           #phiral, atomix, d3thstar, m00, mgrd,
           lost-buffer, drug5t0r3, rootthief.com
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • CuteNews News.txt writable to world, e0r <=
Previous by Date:  Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State), john . courcoul
Next by Date:  [vulnwatch] WS_FTP Server Denial of Service Vulnerability, lion
Previous by Thread:  Re: 0day critical vulnerability/exploit targets Winamp users in the wild, K-OTiK Security
Next by Thread:  [vulnwatch] WS_FTP Server Denial of Service Vulnerability, lion
Indexes:  [Date] [Thread] [Top] [All Lists]