Vulnerabilities in SimpNews

2010.07.27
Credit: MustLive
Risk: Medium
Local: No
Remote: Yes

Hello Bugtraq! I want to warn you about security vulnerabilities in SimpNews. ----------------------------- Advisory: Vulnerabilities in SimpNews ----------------------------- URL: http://websecurity.com.ua/4245/ ----------------------------- Affected products: SimpNews V2.47.03 and previous versions. ----------------------------- Timeline: 26.10.2009 - found vulnerabilities. 29.05.2010 - announced at my site. 30.05.2010 - informed developer. 31.05.2010 - developer released SimpNews v2.48. In version 2.48 the developer fixed all mentioned vulnerabilities. 09.07.2010 - disclosed at my site. ----------------------------- Details: These are Full path disclosure and Cross-Site Scripting vulnerabilities. Full path disclosure: http://site/simpnews/news.php?lang=1&layout=layout2&sortorder=0&category =1 XSS: http://site/simpnews/news.php?layout=%3Cscript%3Ealert(document.cookie)% 3C/script%3E http://site/simpnews/news.php?lang=en&layout=layout2&sortorder=%22%3E%3C script%3Ealert(document.cookie)%3C/script%3E Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua

Referencje:

http://www.securityfocus.com/archive/1/archive/1/512271/100/0/threaded
http://packetstormsecurity.org/1007-exploits/simpnews-xss.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top